CoinEx Crypto Exchange Hit by $28 Million Exploit, Four Hot Wallets Drained
On September 12, cryptocurrency exchange CoinEx experienced a suspected attack following a significant outflow from four of its hot wallets, which was immediately detected and reported by blockchain security firm Cyvers.
According to Cyvers Alert, the breach resulted in losses exceeding $27 million across hot wallets.
All the stolen funds were moved to a wallet without any previous transaction history, which immediately raised red flags for the security firm, who concluded that CoinEx had indeed suffered a hack.
According to Etherscan data, hot wallet 4 CoinEx has triggered a series of substantial transfers involving various cryptocurrencies to a single address.
The sequence began with the movement of approximately 4,947 ether, which at the time was equivalent to $7.9 million. This was followed by the transfer of several other cryptocurrencies from the exchange wallet to Ethereum via Uniswap.
Subsequently, there was a remarkable flow of 408,741 DAI, 2.7 million Graph Tokens (GRT), 29,158 Uniswap Tokens (UNI) and various other tokens from the hot wallet to the same address.
Cyvers Alert reports other moves, including approximately $11.5 million in crypto assets transferred to a Tron address and $295,000 in assets to a Polygon address. That was $27.4 million spread over three different blockchain networks.
CoinEx addresses security breaches, ensures users fund safety and compensation plans
At 1:38 PM (ET) on Tuesday, Hong Kong-based crypto exchange CoinEx officially addressed the breach via tweet, clarifying that the exact extent of the loss has yet to be determined.
A post titled “Urgent Notice: Coinex Security Incident – Immediate Action Underway” informed users of the situation.
“On September 12, 2023, our risk management system detected anomalous withdrawals from several hot wallet addresses where Coinex exchange assets are stored. We immediately recognized the seriousness of the situation and immediately set up a special investigation team to delve into the matter. Preliminary assessments indicate unauthorized transactions involving ETH, TRX and MATIC.
Additionally, CoinEx is assuring users to remain calm, stressing that the affected funds represent a small fraction of their total assets.
The exchange confirms that user funds remain safe and intact. Any affected users will be promptly and thoroughly compensated.
“You have our solemn promise that a detailed timeline and comprehensive report of this incident will be shared with the community as quickly as possible.”
CoinEx also said in its tweet that for security reasons, deposit and withdrawal services will be temporarily suspended and will only be resumed after a thorough review of the breach.
hey are committed to providing the community with a detailed timeline and comprehensive report of the incident as soon as possible.
“Our priority has always been and will be the safety and trust of our users. We deeply regret any distress this may have caused and assure you of our unwavering commitment to protect your interests.”
In its June 2023 settlement with New York Attorney General Letitia James, CoinEx will return more than $1.7 million to New York investors and pay penalties. In addition, the company is prohibited from operating in the state. This comes after James sued CoinEx for allegedly misrepresenting itself as a crypto exchange and failing to register with the state of New York.