CoinEx: North Korean Lazarus Group Reportedly Behind Crypto Exchange Hack

Must read

In a startling revelation, the North Korean hacker group, Lazarus Group, is reportedly behind the recent CoinEx crypto exchange hack. This revelation comes after cybersecurity firm SlowMist and renowned on-chain analyst ZachXBT connected the dots between the CoinEx exploit and previous hacking incidents attributed to the Lazarus Group.

On September 12, 2023, CoinEx’s Risk Control System raised alarms over irregular withdrawals from several of its hot wallet addresses. The exchange responded swiftly, setting up an investigative team to delve into the breach. Preliminary findings revealed unauthorized transactions involving Ethereum (ETH), Tron (TRON), and Polygon (MATIC). While the exact amount of the loss was initially undetermined, SlowMist confirmed today that the total stolen funds amounted to approximately $55.5 million.

A few hours ago, CoinEx identified a third series of suspicious wallet addresses across various blockchains, including BSC, ARB, OP, and XLM.

CoinEx, in a bid to reassure its user base, stated that the affected fund was a minor portion of the exchange’s total assets. They further assured users of the security of their assets and pledged full compensation to those affected by the breach. As a precautionary measure, the exchange temporarily suspended deposit and withdrawal services, promising a thorough review before resumption.

The CoinEx Links To Lazarus

SlowMist’s investigation unearthed two hacker addresses, 0x22…a98d on Binance Smart Chain (BSC) and 0x75….Ac59 on Polygon, both tagged as Stakecom Exploiter. Their analysis suggests a potential connection between the Alphapo Exploiter, Stake Exploiter, and CoinEx Exploiter, all pointing towards the Lazarus Group.

Stake, an Australian sports betting and crypto casino service provider suffered an exploit last week, leading to a loss of up to $41.3 million. On Monday, the US Federal Bureau of Investigation (FBI) announced that it already unmasked the culprits, the notorious Lazarus Group.

On-chain sleuth ZachXBT, lending his expertise to the situation, highlighted an address connection between the recent $55 million CoinEx hack and a $41 million Stake hack on OP & Polygon. This inadvertent link, according to ZachXBT, was a significant lead pointing towards the Lazarus Group’s involvement.

Stake CoinEx connection
Link between CoinEx and Stake | Source: X @zachxbt

As it happens, Lazarus Group moved assets from the Stake hack today. As lowMist’s reported earlier today, the Lazarus Group transferred Binance Coin (BNB) to several ChangeNOW custodian addresses. They used platforms such as TransitSwap, SwftSwap, SquidRouter, and OKX-DEX. Specifically, the hackers bridged assets via TransitSwap, exchanged BNB for USDT-BEP20 on PancakeSwap, and then transferred the funds to the crypto exchange MEXC.

A Call For Enhanced Security

The Lazarus Group’s exploits in the crypto space are now reportedly in the billions of dollars. Their frequent appearances in cybercrime headlines emphasize the pressing need for fortified security measures within the blockchain industry. South Korean authorities, alarmed by these developments, are intensifying efforts to prevent North Korea from allegedly funneling these illicit funds into illegal weapons programs.

At press time, the broader crypto market remained unfazed by the news. Total crypto market cap has risen to $1.020 trillion, facing a crucial resistance at $1.022 trillion.

Crypto market cap CoinEx Lazarus
Total crypto market cap faces strong resistance, 1-day chart | Source: TOTAL on

Featured image from iStock, chart from

More articles

Latest article