North Korean hackers steal $53 million in cryptocurrency from CoinEx


North Korean hackers are suspected of stealing around $53 million worth of cryptocurrency from cryptocurrency exchange CoinEx, after a private key was leaked.

The incident was identified on September 12, when the exchange observed “abnormal withdrawals from multiple hot wallet addresses” where CoinEx was temporarily storing user assets.

“It is currently preliminarily determined that the cause of the incident was the leak of the hot wallet’s private key,” the company explains in an incident notification.

Immediately after identifying the attack, the exchange transferred the remaining assets of the targeted hot wallets to cold storage, suspended all deposit and withdrawal services, and shut down the hot wallet server.

CoinEx claims that it has started rebuilding and redeploying the wallet system and that deposit and withdrawal services will gradually resume.

The exchange published a list of suspicious cryptocurrency addresses involved in the attack, urging affected project teams and other exchanges to help it freeze the attackers’ funds.

“We are actively collaborating with relevant crypto projects to formulate a solution. Additionally, we urge crypto projects and our fellow crypto exchanges to remain vigilant. If you detect any unusual or related activities from the aforementioned wallet addresses, please contact us immediately,” the exchange said on social networks.

Although CoinEx has not shared details on the amounts stolen, organizations tracking the crypto addresses involved have determined that approximately $53 million in Bitcoin, Ethereum, Smart Chain Coin, TRON and other cryptocurrencies was stolen during the heist.

Web3 security company CertiK notes that at least $377 million worth of cryptocurrency has been stolen this year following private key compromises, and claims that the North Korea-linked hacking group Lazarus is the culprit.

The security company identified a link between the recent Atomic Wallet, Alphapo, CoinsPaid, Stake.com and CoinEx heists, all of which were the result of a private key leak, and all apparently the work of Lazarus.

“Historical data, including the Ronin Bridge and CoinsPaid exploits, identifies Lazarus Group’s modus operandi: spear phishing targeting Web3 company personnel to hijack sensitive credentials. Employees in the Web3 sphere must be extremely vigilant against unsolicited job offers, particularly those offering overly lucrative remuneration,” notes CertiK.
