Crypto Exchange CoinEx Hacked For $29 Million – On September 12th, the cryptocurrency exchange CoinEx found itself in the midst of a suspected security breach, an incident that was swiftly identified and reported by the blockchain security company Cyvers. The origins of this breach could be traced back to a substantial outflow of digital assets from four of CoinEx’s hot wallets, and this event marked the genesis of a cascade of events that would ultimately lead to losses exceeding a staggering $27 million, all within the span of a single day.
The alarm bells began to ring when Cyvers Alert, an entity dedicated to monitoring blockchain security, confirmed the massive losses across the compromised hot wallets. What set this particular breach apart was the meticulous care taken by the attackers. They channeled all the stolen funds into a wallet devoid of any previous transaction history, a clear attempt to obfuscate their tracks and make detection more challenging.
People Also Read: Coinbase CEO Discusses US Crypto Regulation
This maneuver left Cyvers with no doubt that CoinEx had indeed fallen victim to a hack of considerable magnitude. A closer look at the Etherscan data reveals a sequence of events that paints a vivid picture of the breach. The four compromised CoinEx hot wallets initiated a series of substantial transfers that encompassed a variety of cryptocurrencies, all destined for a single, nefarious address.
The saga began with the movement of approximately 4,947 Ether, an amount equivalent to a staggering $7.9 million at the time. However, the diversification of the ill-gotten gains did not end there. The perpetrators went on to convert several other cryptocurrencies from the exchange wallet into Ethereum, all achieved through the decentralized exchange Uniswap.
As the breach unfolded, there was an undeniable flow of 408,741 DAI tokens, 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens, and an assortment of various other tokens, all siphoned from the hot wallets and funneled into the same ominous address. This systematic pillaging of CoinEx’s digital assets serves as a stark reminder of the persistent threats faced by cryptocurrency exchanges and the need for continued vigilance in the ever-evolving landscape of blockchain security.
According to the latest update from Cyvers Alert, there have been additional cryptocurrency transfers worth around $11.5 million directed to a Tron address and an additional $295,000 sent to a Polygon address. This brings the total amount affected by the breach to a staggering $27.4 million, now spanning across three distinct blockchain networks.
On Tuesday at 1:38 p.m. (Eastern Time), CoinEx, a cryptocurrency exchange headquartered in Hong Kong, finally acknowledged the breach through an official tweet. In their statement, they clarified that they are still in the process of determining the precise magnitude of the loss. The post, titled “Urgent Notice: Security Incident on Coinex—Immediate Actions Underway,” informed users of the situation.
Additionally, CoinEx provides assurance to its users, encouraging them to stay calm while emphasizing that the affected funds constitute only a minor portion of their total assets. The exchange confirms that user funds remain safe and untouched and promises swift and comprehensive compensation for any affected users.
People Also Read: FTX Looking to Recover Millions Paid to Athletes and Sports Clubs
In their Twitter message, CoinEx also communicated that, due to security concerns, deposit and withdrawal services will undergo a temporary suspension and will be reinstated only after a comprehensive breach review. They have pledged to furnish the community with a detailed timeline and a comprehensive report on the incident as soon as it’s available.
Furthermore, as part of its settlement in June 2023 with New York Attorney General Letitia James, CoinEx will reimburse more than $1.7 million to investors in New York and incur penalties. Moreover, the company is now prohibited from conducting operations within the state. This development follows James’ lawsuit against CoinEx, accusing the platform of falsely portraying itself as a cryptocurrency exchange and failing to register with the state of New York.