North Korean Hackers Implicated in $54 Million CoinEx Security Breach
CoinEx exchange suffered an initial estimated loss of $27 million on Tuesday. However, this amount later surged to a total of $54 million in tokens taken from the exchange.

Because Bitcoin
September 13, 2023
According to information referenced by blockchain investigator ZachXBT and verified by CoinDesk, it appears that the recent security breach affecting a cryptocurrency business may have been orchestrated by North Korean hackers connected to a prior crypto exploit. The target of this breach was the CoinEx exchange, which suffered an initial estimated loss of $27 million on Tuesday. However, this amount later surged to a total of $54 million in tokens taken from the exchange as more details emerged about several affected wallets, a development that unfolded through Wednesday.
The attackers managed to siphon various tokens, including ether (ETH), XRP, Tron's TRX, MATIC, Solana's SOL, Kadena's KDA, and Dagger's XDAG tokens. They exploited a security vulnerability in the wallets used by CoinEx. In response, CoinEx released information on over 10 "suspicious" wallet addresses across different networks like Ethereum, BNB Chain, and Arbitrum, which were used for transferring the stolen tokens.

Upon closer examination by blockchain expert ZachXBT, it was discovered that some of these transactions were directed to wallets previously involved in a $41 million exploit of the crypto betting platform Stake earlier in the month. These wallets have ties to the Lazarus group, a North Korean hacker collective notorious for targeting cryptocurrency-related businesses.
Furthermore, one of the wallet addresses received funds directly from the Stake attacker earlier in the week and subsequently received tokens from the CoinEx breach. Amid these developments, CoinEx stated on Wednesday that the affected funds represented a relatively small portion of the total user assets held on the exchange, assuring users that all remaining assets on the platform were secure.