In September 2023, the CoinEx exchange suffered a large number of suspicious withdrawals from several hot wallets. The attack — suspected to have been performed by the Lazarus Group — netted the attacker an estimated $54 million.
Inside the Attack
The CoinEx hack was enabled by lax security for hot wallets associated with the exchange. By gaining access to these hot wallets, the attacker was able to steal an estimated $54 million from users of the exchange. After being notified of the incident, the exchange froze deposits and withdrawals as it carried out its investigation.
An analysis of the addresses used by the attackers created the suspected link to the North Korean Lazarus Group. This group has been suspected of performing multiple attacks in the DeFi space, including an attack against Stake in September. One of the addresses used in the CoinEx hack was also part of the attack on Stake, indicating that they were both carried out by the same group.
Lessons Learned from the Attack
The CoinEx attacker gained access to multiple hot wallets associated with the exchange. This allowed the attacker to siphon $54 million in various tokens into their own accounts.
Often, these types of attacks are made possible by wallets that are managed by a single private key. This makes them more vulnerable to phishing attacks, which are a favorite tactic of the Lazarus Group.
Click here to learn more about multisig wallets and how they can help keep your assets safe.