CoinEx Suffers $52.8 Million Security Breach Across Multiple Chains

Summary

On September 12, 2023, CoinEx, a crypto trading platform operating on various chains, experienced a massive security breach due to a private key compromise. The attacker exploited CoinEx’s hot wallets and extracted approximately $52.8 million worth of assets across 9 different chains. The stolen funds were transferred to the attacker’s addresses and then laundered by distributing them across multiple addresses and smart contracts. Lazarus Group is suspected to be behind the theft, as multiple sources have confirmed an onchain connection between the Stake.com, Atomic Wallet, and CoinEx hacks.

Attackers

The North Korean Lazarus Group is suspected to be behind the theft. The attackers used the following addresses to transfer the funds:

The following address was used to consolidate funds from both the Stake.com and CoinEx hacks:

Losses

CoinEx lost $52,847,077 in total across the following chains:

  • $18,324,848 in Ethereum
  • $6,286,018 in Binance Smart Chain
  • $288,072 in Polygon
  • $11,119,353 in Tron
  • $2,496,432 in Solana
  • $6,082,389 in Bitcoin
  • $447,574 in Bitcoin Cash
  • $6,113,201 in Ripple
  • $1,689,190 in XDAG

Timeline

Security Failure Causes

Compromised Private Key: The primary cause of the security breach was the compromise of the private key for CoinEx’s hot wallets. This allowed the attacker to gain unauthorized access to the funds and perform malicious transactions.

Social Engineering: The Lazarus Group’s attack methodology of choice is social engineering. The $540 million hack of Ronin Bridge, for example, was attributed to a fake LinkedIn job offer.