An infamous threat group linked to the North Korean state has been identified as the culprit behind a recent attack on cryptocurrency exchange CoinEx. The Hong Kong-based exchange disclosed to users via a post on social media that it had detected abnormal withdrawals from several hot wallet addresses where its assets were stored. Following an investigation, it was determined that a hot wallet private key had fallen into the wrong hands, resulting in the withdrawal of funds in nine different cryptocurrencies totaling around $53 million.
In response to the breach, CoinEx took immediate action by suspending deposits and withdrawals of all crypto assets, temporarily shutting down its hot wallet server, and transferring remaining assets from the compromised wallet to secure addresses. The exchange also reached out to other platforms to freeze the assets of the attackers.
Blockchain analysts were quick to attribute the attack to North Korea, citing connections between the CoinEx hack and a recent $40 million heist on crypto casino Stake. This incident adds to a series of high-profile raids this year, including those on Atomic Wallet, Alphapo, and CoinsPaid, all of which have been linked to the notorious Lazarus Group. The stolen funds are believed to be funding the nuclear and missile programs of the Kim Jong-un regime, although there are concerns that they could also be indirectly supporting Russian military activities in Ukraine following a recent meeting between Kim and President Putin.
While CoinEx reassured users that their assets would not be impacted by the breach, the exchange cautioned against depositing funds to old addresses during the recovery period to prevent potential losses. The company is currently rebuilding and redeploying its wallet system to strengthen security and restore normal operations. Despite the setback, CoinEx remains committed to safeguarding its users’ assets and maintaining transparency throughout the recovery process.