
Experts suspect Lazarus Group hackers of CoinEx breach worth $55 million
SlowMist specialists speculated that the CoinEx exchange exploit may have been carried out by hackers from the North Korea-backed Lazarus Group.
SlowMist Security Alert
1/ @coinexcom Exploiter, @Stake Exploiter and #Alphapo Exploiter may all have ties to the North Korean Hackers known as #LazarusGroup.
Here’s how we came to that conclusion: https://t.co/IGNldb2ZZJ pic.twitter.com/SLGzSgbCis
— SlowMist (@SlowMist_Team) September 13, 2023
On 12 September, the CoinEx platform confirmed an unauthorized outflow of assets from its hot wallets, which PeckShield researchers had pointed to earlier. The team paused deposits and withdrawals, launched an investigation and pledged 100% compensation to victims.
SlowMist analyzed addresses associated with the CoinEx breach and found the estimated loss to be about $55.5 million.
During the investigation they noted that some hacker wallets are marked as linked to recent attacks on the crypto payments provider Alphapo (losses up to $60 million) and the betting platform Stake (~$41 million).
For example, funds from the CoinEx breach and from Stake were sent to an address on Polygon. An Ethereum wallet, labeled as belonging to the Alphapo exploiter, was involved in swaps of assets stolen from the payment provider and the betting platform.
Given that the FBI has previously linked the attack on Stake to the Lazarus Group, it is quite likely that the North Korean hackers are behind all three incidents, experts said.
5/ Given that the FBI has previously linked the Stake Exploiter to the North Korean hackers Lazarus Group, it is plausible that all three exploiters — Alphapo, CoinEx, and Stake — may be associated with this group. pic.twitter.com/6GpKmXZemh
— SlowMist (@SlowMist_Team) September 13, 2023
Earlier in 2023, the North Korea-backed hackers stole $180 million in cryptocurrencies.
The total industry losses from their actions have reached $3 billion. Half of this sum funded a programme to develop ballistic missiles.