Cryptocurrency exchange CoinEx recently fell victim to a massive hack resulting in the loss of over $27 million. According to a report by blockchain security firm SlowMist, the hack was carried out by the notorious North Korean Lazarus Group. This revelation was also supported by well-known on-chain investigator ZachXBT, who connected the group’s address to a previous $41 million hack on Optimism and Polygon. In this article, we will delve into the details of the CoinEx hack and the involvement of the Lazarus Group.
SlowMist provided a comprehensive explanation of how it arrived at the conclusion that the Lazarus Group was behind the CoinEx hack. The firm analyzed the addresses involved in the previous Stake and Alphapo exploit, which were already linked to North Korean state-backed actors. By examining the interactions between these addresses and the one related to the CoinEx hack, SlowMist was able to establish a clear connection. This evidence solidified their findings and pointed to the involvement of the Lazarus Group.
Link to $41 Million Stake Hack
The $41 million exploit of crypto gambling site Stake was previously linked to North Korean hackers by the U.S. Federal Bureau of Investigation (FBI). SlowMist’s confirmations further tied this hack to the Lazarus Group, as the group’s address was accidentally connected to the Stake hack as well. The accidental connection provided yet another piece of evidence against the Lazarus Group’s involvement in the CoinEx hack.
CoinEx Hack and Losses
CoinEx confirmed on September 12 that it had fallen victim to a hack, resulting in the loss of an undisclosed amount. However, independent on-chain investigators estimated the losses to be over $27 million. The hack involved unusual withdrawals from CoinEx’s hot wallets, affecting various cryptocurrencies including Ethereum, Tron, and ERC-20 tokens. The precise details and extent of the hack are still being investigated, with CoinEx working tirelessly to track down the hackers’ addresses.
Despite increasing economic sanctions and mounting evidence from world-leading organizations like the United Nations, North Korea continues to deny its sponsorship of hacking activities. However, the country has increasingly turned to illicit crypto wealth as a means to fund its weapons program. This shift in strategy allows North Korea to bypass economic restrictions imposed by Western countries and their allies. The international community, including South Korea, is taking steps to counteract North Korea’s illicit crypto activities. South Korea recently announced its intention to work on a bill that would enable the tracking and freezing of crypto assets stolen by North Korea for funding its weapons program.
The CoinEx hack, resulting in a loss of over $27 million, has been linked to the North Korean Lazarus Group. SlowMist’s analysis of the addresses involved in previous hacks and the accidental connection to the $41 million Stake hack corroborate this finding. The involvement of the Lazarus Group underscores the growing threat of state-sponsored hacking and the need for increased security measures within the cryptocurrency industry. As investigations continue, it remains crucial for exchanges and investors to remain vigilant and adopt robust security protocols to safeguard against such attacks.