Connect with us
Active Currencies 14284
Market Cap $2,526,813,413,354.10
Bitcoin Share 51.72%
24h Market Cap Change $0.50

CoinEx hacks linked to North Korea’s Lazarus amid third breach

2min Read

New data indicates that Lazarus, a North Korean criminal enterprise, may be behind the attack against CoinEx. The information comes as the exchange was hit a third time.

Share this article

  • Lazarus group suspected of the attacks on CoinEx.
  • A third wave of attack hit the exchange.

According to recent data, the hacker group Lazarus could be behind the attacks on crypto exchange CoinEx. SlowMist, a blockchain cybersecurity firm, stated in a tweet that the CoinEx attackers may have ties to the North Korean hackers known as the Lazarus group.

Lazarus rises again

According to SlowMist, Lazarus is also behind the attacks on crypto betting platform and crypto payment provider Alphapo. They explained their suspicion through a twitter thread.

SlowMist stated that initially Alphapo Exploiter swapped TRX for ETH and bridged to the address (0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d) via TransitSwap. So, this address (0x22b…98d) is tagged as Alphapo Exploiter on the ETH chain.

Interestingly, the same address (0x22b…98d) is tagged as Stake Exploiter on the BSC chain.

Separately, another address (0x754…c59) which is tagged as CoinEx Exploiter on the ARB and OP chains is also tagged as Stake Exploiter on the Polygon chain. This suggested that the same address is being used for two exploits.

Given that the FBI has previously linked the Stake Exploiter to the North Korean hackers Lazarus Group, it is plausible that all three exploiters – Alphapo, CoinEx, and Stake – may be associated with this group according to SlowMist.

A large record

Besides its recent exploitation, Lazarus has a history of criminal activities. Before targeting Stake, they stole $60 million from crypto payment providers Alphapo and CoinsPaid.

In June, Lazarus pulled off its largest heist of the year, siphoning off $100 million from another wallet provider, Atomic Wallet. Furthermore, the group’s hackers infiltrated an American IT company, JumpCloud, and used it to target cryptocurrency companies, according to a Reuters report.

A third wave strikes

Initially, it was assumed that the hackers struck twice and ended up escaping with the funds. However, a recent update from the CoinEx team stated that there was a subsequent third attack on the protocol, this time exploiting BSC, ARB, OP wallets amongst many others.

It is still unclear how much of the funds were actually drained. TRX was one of the tokens that was the largest steal in the previous attacks. But this did not have an impact on TRX prices much.

However, the weighted sentiment for TRX declined significantly, which would point to the fact that the bears could come for the token in the future.

Source: Santiment


Himalay is a full-time journalist at AMBCrypto. A Computer Science graduate, Himalay writes about crypto with a special focus on the latest coin-based updates. He is a fan of gonzo journalism, transgressive fiction, heavy metal, and Manchester United.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.