Lazarus Group Involvement Suspected in CoinEx’s $54M Security Breach

Exploitation of CoinEx’s Hot Wallet

On Tuesday, CoinEx’s hot wallet, designated to house user tokens, became the latest target in a series of crypto attacks. Initial estimates stated losses of approximately $27 million. However, as more details emerged, it was clear that a whopping $54 million in various tokens had been misappropriated from the exchange.

Details of the Theft

The malefactors accessed a variety of tokens such as Ether (ETH), XRP, TRX, MATIC, SOL, KDA, and XDAG. This was made possible due to a compromised security protocol associated with the wallets the exchange relied upon. To aid in the investigation, CoinEx made public over ten addresses considered “dubious” across different networks like Ethereum, BNB Chain, and Arbitrum, pinpointing where the absconded tokens ended up.

ZachXBT’s Insightful Findings

ZachXBT, a well-known figure in the blockchain investigation arena, dug into the transactions associated with these suspect addresses. His findings linked some of the transactions to addresses that played a part in the recent $41 million misappropriation from the crypto betting platform, Stake. Remarkably, these addresses have ties to the North Korean hacking collective, Lazarus, notorious for their heists targeting crypto platforms.

One of the addresses, intriguingly, seemed to have been directly funded by the assailant from the Stake incident merely days ago. This same address later became a recipient of tokens from the CoinEx breach.

CoinEx’s Statement on the Matter

In a bid to assuage concerned users, CoinEx came forth on Wednesday, revealing that the stolen funds only constituted a minute fraction of the overall user assets. They further assured the community that all other assets within the exchange were unscathed and remained intact.