The CoinEx cryptocurrency exchange recently experienced a major security breach, resulting in the theft of approximately $54 million worth of tokens. The attackers exploited a vulnerability in the exchange’s wallets and siphoned various tokens, including ether (ETH) [3], XRP [3] [4], Tron’s TRX [3], MATIC [4], SOL [4], KDA [4], and XDAG [4].


CoinEx detected anomalous withdrawals from its hot wallet addresses and determined that the incident was caused by a hot wallet private key falling into the wrong hands [2]. As a result, the exchange suspended deposits and withdrawals [2] [5], transferred remaining assets to safe addresses [2], and is currently rebuilding its wallet system.

Analysis of the wallets involved in the attack has revealed links to the North Korean attacker group Lazarus [3], which has previously targeted crypto businesses [3]. This connection suggests that the stolen funds may be used to fund the regime’s nuclear and missile programs [2]. CoinEx has released several “suspicious” addresses to which the stolen tokens were transferred [3] [4]. Furthermore, the investigation has uncovered a connection between the CoinEx attack and a $41 million exploit on the cryptocurrency betting platform Stake [4], which was also linked to Lazarus [4].

Despite the breach [4], CoinEx reassures users that their assets will not be affected by the heist [2]. The impacted funds represent a small amount of total user holdings [3], and all remaining assets on the exchange are secure [3] [4]. CoinEx is actively working to freeze the assets of the attackers [2]. The exchange has continued to operate and facilitate significant trade volume [4].


The attack on CoinEx is suspected to have been carried out by North Korean hackers, who stole $53 million worth of cryptocurrency after obtaining a leaked private key. CoinEx is taking steps to secure its platform and compensate affected users [1]. The investigation has revealed suspected involvement by North Korea, and stakeholders of OP & Polygon are awaiting updates on the investigation [1]. The incident highlights the ongoing threat of cyberattacks in the cryptocurrency industry and the need for robust security measures to protect user assets.