
The crypto industry’s best-known blockchain sleuth, the pseudonymous ZachXBT, has linked the theft of $55 million in crypto assets from crypto exchange CoinEx to the notorious North Korea-based cybercrime group Lazarus. The hacker group’s involvement in the attack came to light when it mistakenly exposed its Ethereum wallet address, which was also used to transfer stolen funds from crypto-based sports betting platform Stake.com.
On September 12, 2023, CoinEx reportedly fell victim to malicious on-chain activity, experiencing suspicious outflows from its hot wallets to addresses with no prior history. This led several cybersecurity accounts on X (formerly Twitter) to point out that the crypto exchange had suffered a security breach.
While initial estimates suggested that the crypto exchange was drained of nearly $28 million in crypto assets, the losses have since ballooned to approximately $55 million, according to spreadsheet data collected by blockchain security firm SlowMist. So far, CoinEx is said to have lost at least $6 million in bitcoin, $18.5 million in ether, and $6 million in XRP.
The attack on CoinEx is suspected to have been perpetrated by the North Korean hacking group Lazarus. Crypto sleuth ZachXBT took to X and said they had found a link between the CoinEx hack and the recent theft of $41 million from Stake.com, which the U.S. Federal Bureau of Investigation (FBI) believes was carried out by the Lazarus Group.
ZachXBT said they were able to trace the movement of some of the stolen currency from Stake.com to an Ethereum wallet address, which was also found to be interacting with wallet addresses that received the ill-gotten funds from CoinEx, indicating that the Lazarus Group was involved.
In the wake of the attack, CoinEx has temporarily paused deposits and withdrawals on the exchange. The crypto exchange has also assured users that victims will receive “100% compensation” for the losses they incurred due to the attack.
Lazarus is also suspected of being behind the heist of roughly $200 million in a hack last month of Euler Finance, a decentralized finance (DeFi) platform on the Polygon network. In 2023 alone, the North Korea-affiliated hacking group has stolen over $200 million. This includes the thefts of $60 million of digital assets from payments companies Alphapo and CoinsPaid in July and nearly $100 million of virtual currency from Atomic Wallet in June, the FBI said in a statement.