Hong Kong-based cryptocurrency exchange CoinEx Global fell victim to a significant security breach on September 12. The exchange initially detected “anomalous withdrawals” from several hot wallet addresses, leading to the suspension of deposit and withdrawal services.
CoinEx announced the hack on X, assuring that affected users would receive full compensation for their losses:
Urgent Notice: Security Incident on CoinEx – Immediate Actions Underway
On September 12, 2023, our Risk Control System detected anomalous withdrawals from several hot wallet addresses used to store CoinEx's exchange assets. Promptly recognizing the gravity of the situation, we…
— CoinEx Global (@coinexcom) September 12, 2023
While the exact amount of the loss is still under scrutiny, blockchain security firm PeckShield estimated the damage to be around $43 million, spread across multiple cryptocurrencies, including Ether, TRON, and Polygon. The breach involved multiple cryptocurrencies, with PeckShield breaking down the loss as approximately $19 million in Ether, $11.5 million in TRON, $6.4 million in BSC, $6 million in BTC, and $295,000 in MATIC. Another independent source, ZachXBT, reported an additional $6 million drained in XRP, which was not initially included in PeckShield’s assessment.
On September 13, CoinEx released an update identifying a second set of suspicious wallet addresses linked to the breach. The exchange urged industry colleagues and affected projects to assist in flagging and freezing these questionable addresses. The exchange added, “Together, we can face and overcome the challenges ahead”.
CoinEx’s assurance of full compensation to affected users has not quelled accusations of a potential “rug pull,” a term used to describe fraudulent activity by an exchange. However, the exchange has established proof-of-reserves, an audit system initiated by Binance founder ChangPeng Zhao, to reassure investors of the safety of their funds. The exchange is actively forming a solution for impacted parties and has successfully identified the wallet addresses associated with the breach.
The breach at CoinEx comes in the wake of a surge in cyber-attacks targeting cryptocurrency firms. According to Chainalysis, hackers stole more than $3.8 billion in cryptocurrencies last year, marking an increase from $3.3 billion in 2021.
CoinEx is not the only platform to have suffered a security incident recently. Over the past three months, other cryptocurrency platforms like Exactly Protocol, Harbor Protocol, and Vyper have also been targeted. Several of these attacks have been attributed to North Korean hackers, who reportedly stole billions in digital assets to allegedly fund the country’s nuclear weapons program.
