Image: Alexander Mils (unsplash)
CoinEX, a prominent global cryptocurrency exchange, recently revealed a significant breach in its security system. Intruders managed to compromise the exchange’s hot wallets, extracting vast sums of digital assets crucial for the platform’s daily operations.
The breach took place on September 12. Initial findings from the ongoing investigation indicate unauthorized transactions encompassing Ethereum ($ETH), Tron ($TRON), and Polygon ($MATIC) cryptocurrencies.
Although the full extent of the financial damage remains undetermined, CoinEx has not yet disclosed any specific information regarding the financial implications of the breach. Nevertheless, PeckShield, a leading blockchain security firm, reported that the assailants managed to siphon roughly $19 million in $ETH, $11 million in $TRON, $6.4 million in Smart Chain Coin ($BSC), $6 million in Bitcoin (BTC), and a sum of about $295,000 in $MATIC from CoinEx. By PeckShield’s assessments, the total loss stands at an estimated $43 million. Meanwhile, assets worth $72 million from the same source have been moved to more secure cold wallets for added protection.
A subsequent report by CertiK Alert suggests that the losses CoinEx suffered might be higher, estimating the figure at $53 million.
CoinEx made it clear that user assets remain untouched by the breach. Furthermore, the company has guaranteed full compensation for any entities incurring losses due to the incident. As a safety measure, CoinEx has temporarily halted all deposit and withdrawal functionalities. These services will remain on hold until the exchange’s technical team ensures that all potential threats have been thoroughly neutralized.
While public information about the exact nature of the breach is scarce, CoinEx has committed to publishing a comprehensive report, complete with a detailed timeline, once the investigation and the necessary incident response protocols wrap up.
At present, efforts are being directed towards monitoring the wallet addresses connected to the breach. CoinEx is also teaming up with other exchanges in an attempt to obstruct the intruders’ capacity to utilize or liquidate the stolen assets.
On the topic of high-value crypto thefts, the frequency seems to be on the rise. The infamous group ‘Lazarus’, reportedly supported by a North Korean entity, has been at the center of various such incidents. While there has been no official link made between CoinEx’s recent breach and Lazarus, blockchain analyst ZachXBT highlighted that one of the wallets tied to the heist had prior associations with the said group. Past breaches, like those impacting Atomic Wallet, Alphapo, and CoinsPaid, were all connected to Lazarus.
In an unrelated note, earlier this month, the crypto gaming platform ‘Stake.com’ disclosed a breach in its ETH/BSC hot wallets, resulting in losses approximating $41 million. The FBI, following an investigation, pointed towards Lazarus as the culprits behind this incident.