On September 12, CoinEx, a cryptocurrency exchange, faced a suspected security breach after a significant withdrawal occurred from four of its active wallets. The blockchain security company Cyvers was able to quickly identify and report this incident.
The breach caused losses totaling more than $27 million across the hot wallets, according to Cyvers Alert.
The fact that all of the stolen money was sent to a wallet with no prior transaction history instantly sparked suspicions for the security company, which led them to believe that CoinEx had been hacked.
According to Etherscan data, a series of sizable transfers involving different cryptocurrencies were started by the CoinEx hot wallet to a single address.
The first transaction in the sequence moved about 4,947 ethers, or about $7.9 million at the time. The next step was to use Uniswap to convert a number of other coins from the exchange wallet into Ethereum.
Then, a significant movement of tokens from the hot wallet to the same address included 408,741 DAI, 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens, and numerous other tokens.
Additional transactions, according to Cyvers Alert, include the transfer of over $11.5 million in cryptocurrency assets to a Tron address and $295,000 in assets to a Polygon address. Over three distinct blockchain networks, this amounted to $27.4 million.
Addressing Security Breach, Assuring Fund Safety and Compensation Plans for Users
The Hong Kong-based cryptocurrency exchange CoinEx formally acknowledged the breach on Tuesday at 1:38 PM (ET) in a tweet, making it clear that the precise size of the loss has not yet been determined.
The post, with the headline “Urgent Notice: Security Incident on Coinex—Immediate Actions Underway,” alerted users to the circumstance.
“On September 12, 2023, our risk control system discovered suspicious withdrawals from a number of hot wallet addresses where Coinex’s exchange assets are kept. We quickly realised the seriousness of the situation and formed a specialised investigative team to look into it. Initial evaluations point to illegal transactions involving the digital currencies ETH, TRX, and MATIC.
Additionally, CoinEx urges users to maintain their composure by stressing that the affected funds make up only a small portion of their total assets.
The exchange reassures users that their money is safe and untouchable. Any users who are impacted will receive prompt and complete compensation.
You have our earnest assurance that the community will be informed as soon as feasible about a complete timeline and report regarding this incident.
CoinEx also noted in their tweet that deposit and withdrawal services would be temporarily paused due to security concerns and would only be restored following a careful investigation of the breach.
They have promised to give the neighbourhood a thorough report on the occurrence as well as a complete timetable as soon as they can.
Our users’ security and trust have always been and will always be our top priorities. We sincerely apologise for any inconvenience this may have caused and want to reassure you that your interests are our top priority.
In addition, CoinEx will pay fines and repay over $1.7 million to New York investors as part of their June 2023 deal with New York Attorney General Letitia James. The business is also not allowed to operate in the state. James had previously filed a lawsuit against CoinEx, alleging that it had misrepresented itself as a cryptocurrency exchange and omitted to register with the state of New York.