CoinEx hack: Compromised private keys led to $70M theft

Hong Kong-based cryptocurrency exchange CoinEx has revealed that compromised private keys allowed hackers to steal over $70 million worth of tokens. The exchange is now focused on opening lines of communication and recovering the funds.

Investigation underway

CoinEx representatives have provided more details about their ongoing investigation to Cointelegraph. The team is currently working on building and deploying a new wallet architecture in order to restore functionality to the platform and compensate affected users for any lost funds.

Only a small percentage affected

Although approximately $70 million worth of cryptocurrency was stolen, CoinEx claims that this amount represents only a small percentage of its total assets under management. The exchange has assured its users that they will be fully compensated for any funds lost during the hack.

Identity of hackers still unknown

CoinEx said that it is still trying to identify the individuals responsible for the security breach. Several blockchain security firms have pointed to North Korean Lazarus Group hackers as potential culprits, but the exchange's investigation is ongoing.

Compromised private keys

A preliminary investigation carried out by CoinEx revealed that a compromised private key for its hot wallets was the root cause of the security breach. The hot wallets were used to store assets for deposits and withdrawals. As a result, CoinEx suspended its withdrawal service, patched system vulnerabilities, and transferred remaining assets from the affected hot wallets. The exchange expects to gradually resume withdrawals within seven working days.

Escalating amount stolen

Initial reports from CoinEx flagged "anomalous withdrawals" from one of its hot wallets on September 12. The hackers began by transferring 4,947 Ether (ETH) and then proceeded to withdraw large amounts of other tokens to the same address. The value of the stolen funds was initially estimated at $27 million but has since doubled in the week following the incident.

North Korean hackers in focus

North Korean hackers have been a recurring threat in the cryptocurrency space, with a history of being responsible for major thefts. In 2022, for example, they carried out the Axie Infinity Ronin Bridge hack, stealing over $650 million. According to blockchain analytics firm Chainalysis, North Korean hackers have stolen around $340 million of cryptocurrency in 2023. This number is expected to increase with the recent CoinEx hack and the $41 million hack of cryptocurrency gambling platform Stake on September 4.