North Korean hacker group Lazarus Group is reportedly behind the recent hack of the CoinEx cryptocurrency exchange. The news comes after cybersecurity firm SlowMist and prominent on-chain analyst ZachXBT linked the CoinEx breach to previous hacks by the Lazarus Group.
On September 12, 2023, the CoinEx risk control system issued an alert for abnormal currency withdrawal behavior from multiple hot wallet addresses. The exchange responded quickly and set up an investigative team to investigate the breach further. Preliminary findings reveal unauthorized transactions involving Ethereum (ETH), TRON (TRON) and Polygon (MATIC). While the exact amount of the loss was not initially determined, SlowMist confirmed today that the total amount of stolen funds was approximately $55.5 million.
A few hours ago, CoinEx discovered a third series of suspicious wallet addresses on various blockchains, including BSC, ARB, OP, and XLM.
In an effort to reassure its user base, CoinEx said the affected funds represented only a small portion of the exchange’s total assets. They further reassure users that their assets are secure and promise to provide full compensation to those affected by the breach. The exchange temporarily suspended deposit and withdrawal services as a precautionary measure and promised to conduct a thorough review before resuming.
CoinEx link to Lazarus
Slow Mist Investigation unearthed Two hacker addresses, 0x22…a98d on Binance Smart Chain (BSC) and 0x75….Ac59 on Polygon, were both labeled as Stakecom Exploiters. Their analysis revealed potential connections between Alphapo exploiters, Stake exploiters, and CoinEx exploiters, all of which point to the Lazarus Group.
Australian sports betting and cryptocurrency casino service provider Stake was attacked last week, resulting in losses of up to $41.3 million. On Monday, the FBI announced that it had uncovered the culprit, the notorious Lazarus Group.
On-chain detective ZachXBT lends his expertise to solving this problem, highlight Address correlation between the recent $55 million CoinEx hack and the $41 million Stake hack on OP and Polygon. According to ZachXBT, this unintentional connection is an important clue pointing to the involvement of the Lazarus Group.
As it happens, Lazarus Group moved assets from the Stake hack today. As lowMist reported earlier today, Lazarus Group moved Binance Coin (BNB) to multiple ChangeNOW escrow addresses. They use platforms such as TransitSwap, SwftSwap, SquidRouter and OKX-DEX. Specifically, the hackers bridged assets through TransitSwap, exchanged BNB for USDT-BEP20 on PancakeSwap, and then transferred the funds to cryptocurrency exchange MEXC.
Call for enhanced security
The Lazarus Group’s exploits in the cryptocurrency space are now reported to be in the billions of dollars. Their frequent appearance in cybercrime headlines highlights the urgent need for enhanced security measures within the blockchain industry. South Korean authorities are alarmed by these developments and are stepping up efforts to prevent North Korea from allegedly using these illicit funds for illicit weapons programs.
At press time, the broader cryptocurrency market was not affected by the news. The total cryptocurrency market capitalization has risen to $1.020 trillion, facing a critical resistance of $1.022 trillion.
Featured image from iStock, chart from TradingView.com