CoinEx - REKT

rekt across thirteen chains.

Is that a new record?

CEX CoinEx has become the latest crypto custodian to have its hot wallets emptied, losing an eventual total of $54.3M.

They may want to update their homepage:

Secure and safeguarded with 0 incident

Approximately four hours after the attack began, CoinEx acknowledged the incident (though the thread has since been deleted and replaced with a more urgent sounding message).

Presumably, letting users know they have a “special investigative team” on the case didn’t cut the mustard…

CoinEx assures users that the missing coins make up “just a very small portion of CoinEx’s total asset”, and that losses will be covered. Deposits and withdrawals are currently suspended.

As with last week’s $40M+ Stake hack, the alarm was raised by Cyvers, who flagged the suspicious outflows. The Stake incident was later attributed to DPRK state-sponsored hackers by the FBI.

Could this be twice in two weeks for Lazarus?

Looks like it.

Credit: ZachXBT, CoinEx

The attack began with a transfer of almost 4950 ETH (worth approximately $8M) at 1:20:59 PM UTC.

As in previous examples, wallets were then rapidly drained of ETH/TRON/MATIC followed by other assets, which in turn were swapped back to native assets over the following hours and forwarded onto new addresses.

CoinEx have not announced how the security breach occurred, but stated they will publish a report in due course:

You have our solemn promise that a detailed timeline and comprehensive report about this incident will be shared with the community as swiftly as possible.

Attackers drained a total of $54.3M via the following addresses:

ETH 1 ($10.4M): 0x8bf8cd7F001D0584F98F53a3d82eD0bA498cC3dE

ETH 2 ($2.3M): 0x483D88278Cbc0C9105c4807d558E06782AEFf584

ETH 3 ($5.3M): 0xCC1AE485b617c59a7c577C02cd07078a2bcCE454

TRON ($11.5M): TPFUjxQzG88Vwynrpj2W61ZAkQ9W2QYgAQ

BSC ($6.3M): 0x6953704e753C6FD70Eb6B083313089e4FC258A20

XRP ($6M): rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf

BTC ($5.2M): 1DSvdmVZGKpCxAR4XexkywxM1whbcvHzbA

SOL ($2.5M): G3udanrxk8stVe8Se2zXmJ3QwU8GSFJMn28mTfn8t1kq

XDAG ($1.7M): 15VY3MadZvLpXhjzFXwCUmtZcHszju6L9

KDA ($1.1M): k:a9f3672d7ad7a1e4592702d73b220cbc61db1fa17f89a56131d965bc03959913

ARB ($520k): 0xfEec9F846E2FE529B765d832EBa988a399Fe3cD6


BCH ($400k): qrgxyhj8rzl4l7fgauu6q6vtu2grct4jeyrnaq2s75

MATIC ($300k): 0x4515bE0067E60d8e49b2425D37e61c791C9B95e9

OP ($260k): 0x964c192e54E5eF4176626875BB53071956579fca

Funds that remained in CoinEx hot wallets appear to be being accumulated in a multisig address (current holdings of over $70M).

As more wallets were identified, and the losses stacked up, some of the associated addresses were linked to exchanges and Twitter accounts.

But with for-sale KYC’d accounts and outsourced scamfarms common among organised cybercriminals, it’s rare that these kinds of links lead to any material consequences.

However, one OP address was identical to a MATIC address used during last week's Stake casino heist.

While much of the crypto crowd has grown apathetic over the last few months, Lazarus has been busy, and shows no signs of slowing down.

With danger lurking around every corner of the cryptosphere, CEXs purport to offer a safe haven which users can trust to safely hold their assets, rather than risk getting rekt on-chain.

But is it that cases of compromised keys so frequent on centralised exchanges holding hundreds of millions in user assets?

As we said last week:

...centralised platforms should be held to a higher standard.

How long until the next CEX is hit?

share this article

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C


REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.