On September 12, CoinEx, a cryptocurrency exchange, experienced a suspected attack following a substantial outflow from four of its hot wallets, which was promptly detected and reported by the blockchain security firm Cyvers.
According to Cyvers Alert, the breach resulted in losses exceeding $27 million across the hot wallets.
All the stolen funds were funneled into a wallet devoid of any prior transaction history, and this immediately raised red flags for the security firm, who concluded that CoinEx had indeed suffered a hack.
As per Etherscan data, the 4 CoinEx hot wallet initiated a series of substantial transfers involving various cryptocurrencies to a single address.
The sequence commenced with the movement of approximately 4,947 Ether, equivalent to $7.9 million at the time. This was followed by converting several other cryptocurrencies from the exchange wallet into Ethereum through Uniswap.
Subsequently, there was a notable flow of 408,741 DAI, 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens, and various other tokens from the hot wallet to the same address.
Cyvers Alert reports further movements, including approximately $11.5 million in crypto assets transferred to a Tron address and $295,000 in assets to a Polygon address. This amounted to $27.4 million spread across three different blockchain networks.
CoinEx Addresses Security Breach, Assures Users of Fund Safety and Compensation Plans
On Tuesday at 1:38 p.m. (ET), the Hong-Kong based crypto exchange, CoinEx officially addressed the breach via a tweet, clarifying that the exact extent of the loss is yet to be ascertained.
The post, titled “Urgent Notice: Security Incident on Coinex—Immediate Actions Underway,” informed users of the situation.
“On September 12, 2023, our Risk Control System detected anomalous withdrawals from several hot wallet addresses that store Coinex’s exchange assets. Promptly recognizing the gravity of the situation, we immediately established a special investigative team to delve into the matter. Preliminary assessments indicate unauthorized transactions involving ETH, TRX, and MATIC.”
Furthermore, CoinEx reassures users to remain calm, emphasizing that the impacted funds represent a small fraction of their overall assets.
The exchange affirms that user funds remain secure and untouched. In the event of any affected users, they will be swiftly and thoroughly compensated.
“You have our solemn promise that a detailed timeline and comprehensive report about this incident will be shared with the community as swiftly as possible.”
In their tweet, CoinEx also conveyed that, for security reasons, deposit and withdrawal services will be temporarily suspended and will only be reinstated after a thorough review of the breach.
hey have committed to providing the community with a detailed timeline and a comprehensive report regarding the incident as soon as possible.
“Our priority has always been and will continue to be, the security and trust of our users. We deeply regret any distress this may have caused and assure you of our unwavering dedication to safeguarding your interests.”
Also, in its June, 2023 settlement with New York Attorney General Letitia James, CoinEx will refund over $1.7 million to New York investors and pay penalties. Additionally, the company is prohibited from operating in the state. This comes after James sued CoinEx for allegedly falsely representing itself as a crypto exchange and failing to register with the state of New York.