Hong Kong-based cryptocurrency exchange CoinEx suffered a security breach resulting in hackers stealing more than $70 million worth of tokens. The exchange is now taking steps to contact the hackers and recover the stolen funds, media reports said.
CoinEx reassured its users that the stolen funds represent only a small fraction of its total assets under management. The exchange has pledged to fully compensate affected users for any losses incurred.
CoinEx is actively investigating the breach’s origins, with some blockchain security firms attributing the attack to North Korean Lazarus Group hackers. The preliminary findings of CoinEx’s investigation point to a compromised private key for its hot wallets as the root cause of the security incident. Hot wallets are typically used to store assets for conducting deposits and withdrawals.
In response to the breach, CoinEx suspended its withdrawal service to prevent further losses, patched vulnerabilities in its systems, and transferred the remaining assets from the affected hot wallets. The exchange anticipates gradually resuming withdrawals within seven working days.
CoinEx is also concentrating on the development and deployment of a new, robust wallet system capable of handling activities across 211 chains and 737 assets.
The breach initially came to light when CoinEx detected “anomalous withdrawals” from one of its hot wallets on September 12, commencing with a transfer of 4,947 Ether. Subsequently, the hackers proceeded to withdraw substantial amounts of other tokens to the same address.
The estimated value of the stolen funds initially stood at $27 million but has since doubled in the week following the incident.
