On September 12, Hong Kong-based cryptocurrency exchange CoinEx was hit by hackers who stole funds worth over $27 million in crypto from a hot wallet that was used to support the platform’s daily exchange operations.
Blockchain security firm Cyvers was the first to detect multiple suspicious transactions on the hot wallet and informed CoinEx at once, even ordering the exchange to stop all withdrawals and deposits to keep the funds from leaving.
CoinEx Suspends All Transfers And Withdrawals After Hackers Drain Company’s Ethereum Wallet
CoinEx put out a statement on X (formerly Twitter) confirming the “anomalous withdrawals” from several hot wallet addresses used by the company to store exchange assets. The company announced it has paused all services until further notice and has established a special investigation team to look into the matter.
According to cybersecurity analysts at Cyvers, funds amounting to $18.12 million in Ether (ETH), $8.5 million in Tron (TRX), and $291,000 in Polygon (MATIC) were stolen from CoinEx’s Ethereum wallet.
The firm attributed the hack to a possible violation of access control, a private key leak, a rug pull by the company itself, or an inside job.
CoinEx has assured users that their assets are “secure and untouched”, and those who were affected by the breach will receive “100% compensation”.
Cybersecurity Firms Estimate The Hacker’s Loot To Be Worth Around $54 Million
On-chain data shows that at approximately 1:21 pm UTC on September 12, a CoinEx hot wallet transferred 4,947 ETH worth around $8 million to another Ethereum wallet. The recipient wallet was brand new, with no history prior to this transaction.
Soon after, the hot wallet began transferring large amounts of crypto tokens to the same address. This included 408,741 DAI stablecoin, 2.7 million Graph (GRT) tokens worth approximately $222,000, and 29,158 Uniswap (UNI) tokens worth $124,213, among other assets.
Blockchain security firm PeckShield, which reported the outflow as suspicious, says the attack drained CoinEx of an additional $6.4 million in Binance coin (BSC) and $6 million in Bitcoin (BTC).
The firm claims the total cost of the attack could amount to upwards of $40 million. Meanwhile, CertiK Alert has raised the estimated figure to around $54 million.
CoinEx has since transferred the remaining $72 million worth of assets to a more secure cold storage wallet. The company has shared details of the suspect’s wallet with other crypto exchanges and asked them to blacklist the address in an effort to make it harder for the attacker to move the stolen funds via other platforms.
Was The Lazarus Group Behind The CoinEx Hack?
Crypto sleuth ZachXBT claims the $54 million heist could have been linked to the notorious North Korean state-backed hacker group ‘Lazarus’.
His claim came after it emerged that the hackers accidentally connected their wallet to the address responsible for the $41 million hack that occurred last month on the Ethereum hot wallet of Stake.com, a popular crypto casino and sports betting platform.
The group is known to be behind several multi-million dollar hacks that took place this year, such as the theft of $35 million from Atomic Wallet in June, $60 million from Alphapo in July, and $37.3 million from crypto-fiat payments platform CoinsPaid, which also took place in July.
The Federal Bureau of Investigation (FBI) has warned crypto companies to stay vigilant about Lazarus Group, which is reportedly on a hacking spree, and has asked the firms to notify it of any suspicious activity.
The hacking group is said to be sponsored by the North Korean government in an apparent effort to raise funds for its nuclear weapons programs as the country remains heavily sanctioned by the West.
However, there is no official confirmation as to whether Lazarus was behind the CoinEx hack. Meanwhile, the culprit remains unidentified and the stolen funds have not been recovered.