Connect with us

Hi, what are you looking for?



North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx

North Korean hackers stole $53 million in cryptocurrency from crypto exchange CoinEx after the hot wallet private key was leaked.

North Korean hackers are suspected of stealing roughly $53 million worth of cryptocurrency from crypto exchange CoinEx, after a private key was leaked.

The incident was identified on September 12, when the exchange observed “anomalous withdrawals from several hot wallet addresses” in which CoinEx was temporarily storing user assets.

“It is currently preliminarily determined that the cause of the incident was the leakage of the hot wallet private key,” the company explains in an incident notification.

Immediately after identifying the attack, the exchange transferred the remaining assets in the targeted hot wallets to cold storage, suspended all deposit and withdrawal services, and shut down the hot wallet server.

CoinEx says it has started rebuilding and redeploying the wallet system and that deposit and withdrawal services will resume incrementally.

The exchange has published a list of suspicious cryptocurrency addresses involved in the attack, urging relevant project teams and fellow exchanges to help it in freezing the attackers’ funds.

“We are actively collaborating with the affected crypto projects to formulate a solution. Furthermore, we urge crypto projects and our fellow crypto exchanges to remain vigilant. If you detect any unusual or related activities from the aforementioned wallet addresses, please contact us immediately,” the exchange said on social media.

Advertisement. Scroll to continue reading.

While CoinEx did not share details on the stolen amounts, organizations tracking the involved crypto addresses have determined that roughly $53 million in Bitcoin, Ethereum, Smart Chain Coin, TRON, and other cryptocurrency was stolen in the heist.

Web3 security firm CertiK notes that at least $377 million worth of cryptocurrency have been stolen this year as result of private key compromises, and says that North Korea-linked hacking group Lazarus is the culprit.

The security firm has identified a connection between the recent Atomic Wallet, Alphapo, CoinsPaid,, and CoinEx heists, all of which were the result of private key leakage, and all seemingly the work of Lazarus.

“Historical data, including the Ronin Bridge and CoinsPaid exploits, pinpoints the Lazarus Group’s modus operandi: spear-phishing targeting Web3 company personnel to hijack sensitive credentials. Employees in the Web3 sphere need to be acutely vigilant of unsolicited job pitches, especially those boasting overly lucrative compensation packages,” CertiK notes.

Related: FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers

Related: GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees

Related: JumpCloud Cyberattack Linked to North Korean Hackers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...