Hong Kong-based cryptocurrency exchange CoinEx has revealed that compromised private keys allowed hackers to steal more than $70 million in tokens as the team looks to open lines of communication to retrieve the funds.
CoinEx representatives unpacked the finer details of their ongoing investigation into Cointelegraph as the team works to build and deploy a new wallet architecture to restore affected users and platform functionality. .
Despite the estimated $70 million worth of cryptocurrency stolen from the platform, the exchange claims that this amount represents a small percentage of the total assets under management. CoinEx stated that affected users will be reimbursed in full for any lost funds.
2/ We have finalized our strategy to resume withdrawals and are scheduled to resume these services within 7 working days. Ensuring 100% asset security remains our top priority before activating backup tools.
— CoinEx Global (@coinexcom) September 18, 2023
CoinEx said it was still investigating the identity of those responsible for the security breach, which some blockchain security companies attributed to the North Korean Lazarus Group hackers.
“Furthermore, we have opened communication channels with hackers in the hope of actively engaging in a mutual resolution.”
The exchange explained that a preliminary investigation points to the cause of a compromised private key for its hot wallets. It is used to store exchange assets for carrying deposits and withdrawals.
Related: New York bans CoinEx exchange, seizes $1.7M in crypto assets
CoinEx suspended its withdrawal service to prevent further losses, patched system vulnerabilities and transferred remaining assets from affected hot wallets. The exchange told Cointelegraph that it expects withdrawals to proceed progressively within seven working days.
“Our team is now focused on building and deploying a new and robust wallet system to manage activities within 211 chains and 737 assets.”
As Cointelegraph first reported, CoinEx first flagged an “anomalous withdrawal” from one of its hot wallets on Sept. 12, starting with the transfer of 4,947 Ether (ETH). The hackers then started withdrawing large amounts of other tokens to the same address.
The amount of stolen funds was initially estimated at $27 million but doubled a week after the incident.
North Korean hackers have been preying on the cryptocurrency space for the past few years and are responsible for the biggest heists in the space to date. The 2022 Axie Infinity Ronin Bridge hack alone saw over $650 million stolen.
Blockchain analytics firm Chainalysis estimates that North Korean hackers stole about $340 million in cryptocurrency by 2023. This number is expected to rise with the attributions made by the CoinEx hack as well as a $41 million hack on the platform of gambling cryptocurrency Stake on Sept.
Magazine: Web3 Gamer: PUBG devs’ Web3 project, Animoca’s $20M raise, Shardbound review