CoinEx loses $70 million in cyber attack

Hong Kong-based cryptocurrency exchange platform, CoinEx, has seen the loss of US$70 million in cryptocurrency following a cyber attack.

The cryptocurrency exchange platform made users aware of the cyber attack on September 12 via a post on social media site X (formerly Twitter). 
In the post, the company explained that the cyber attack was discovered after its risk control system “detected anomalous withdrawals from several hot wallet addresses used to store CoinEx's exchange assets”. An investigation into the anomalous activity was immediately launched.

Urgent Notice: Security Incident on CoinEx - Immediate Actions Underway

On September 12, 2023, our Risk Control System detected anomalous withdrawals from several hot wallet addresses used to store CoinEx's exchange assets. Promptly recognizing the gravity of the situation, we…

— CoinEx Global (@coinexcom) September 12, 2023

The company later posted an update on September 15 that its current losses are estimated to be $70 million, a “small portion” of the company’s total assets. On September 18, CoinEx made a further statement that “any claims stating that CoinEx has resumed withdrawal services are false and scam-related,” urging its customers to report the fraudulent communications to them and warning them to not engage with them.  

The company also gave an update on its business operations on September 18, saying it was working to reconstruct its wallet system and resume withdrawal services within seven days. CoinEx said it “recognize[d] the distress and uncertainty experienced by our users during this waiting period”, but explained that its “utmost priority remains ensuring that our new wallet system offers the highest level of security”. Finally, the company reassured its customers that their assets are completely secure and intact.

#CoinExResponseUpdate - CoinEx Team Work Progress Update on September 18th
(Details in threads)

Caution: Any claims stating that CoinEx has resumed withdrawal services are false & scam-related. Please report such messages to us & don't engage in these communications. pic.twitter.com/5pmlZgrGIU

— CoinEx Global (@coinexcom) September 18, 2023

Researchers from blockchain research company Elliptic have since said that the cyber attack was likely the work of a North Korean hacking group known as Lazarus Group. This is due to the stolen cryptocurrency being sent to cryptocurrency wallets previously used by Lazarus Group, as well as the malicious actors sending the cryptocurrency to the Etheruem bridge. The transfer of the cryptocurrency from one blockchain to another is something that has been utilized by the hacking group previously.

CoinEx has not yet made public the identity of the hacker, however the company did make a statement addressing them directly via its X account. In the post, CoinEx said it “hope[d] to build a sincere and open channel of communication” with the malicious actors, noting that the cyber security incident was a “profound lesson for us and has alerted us to the fact that the security of exchange assets must never be compromised”.  

CoinEx encouraged the malicious actors to contact them directly, saying that if they returned the stolen assets, they would be paid a “generous” bug bounty in reward. They also noted that the technical ability of the hackers would allow them to excel as a white hat hacker within the blockchain industry.