A notorious threat group linked to the North Korean state has been held responsible for a significant cyber attack on cryptocurrency exchange CoinEx. The exchange, based in Hong Kong, issued a warning to its users via a post on X (formerly Twitter) on September 12, revealing that “anomalous withdrawals” had been detected from several hot wallet addresses storing the exchange’s assets.
Upon investigation, CoinEx determined that the incident was caused by the compromise of a hot wallet private key. Approximately $53 million in funds was withdrawn across nine different cryptocurrencies. In response, the exchange temporarily suspended deposits and withdrawals of all crypto assets, shut down its hot wallet server, and transferred remaining assets from the compromised wallet to secure addresses.
Blockchain analysts were quick to attribute the attack to North Korea. ZachXBT stated on X that “North Korea is also responsible for the $54 million CoinEx hack, as they accidentally linked their address to the $41 million Stake hack on OP & Polygon.” This latest breach adds to a string of cyber heists this year, including those attributed to Lazarus Group, such as Atomic Wallet ($35 million), Alphapo ($60 million), and CoinsPaid ($37 million).
The stolen funds are believed to be used by the Kim Jong-un regime to finance its nuclear and missile programs. However, with the recent meeting between Kim and Russian President Putin, there is speculation that the funds could also indirectly support Russia’s actions in Ukraine.
In response to the attack, CoinEx is in the process of rebuilding and redeploying its wallet system and is coordinating with other exchanges to freeze the assets of the perpetrators. While the exchange reassures its users that their assets will not be impacted by the breach, it advises caution and urges users not to deposit funds to old addresses until the recovery process is complete.
As CoinEx works towards restoring normal operations, it emphasizes the importance of security measures to prevent potential asset losses. The exchange acknowledges the impact of the heist on its users and is committed to resolving the situation as quickly as possible.