Overview
CoinEx International, a widely known cryptocurrency trade platform, has just lately fallen sufferer to a big safety breach. The exploit led to a loss estimated at roughly $54 million. Preliminary investigations recommend a doable compromise of personal keys, resulting in unauthorized fund transfers from the platform’s scorching wallets.
Tremendous Particulars of the Hack
- Hack Quantity: ~$54 million.
- Fund Motion:
- A CoinEx exploiter, recognized by the tackle (0x8bf8c), transferred ~6,558 ETH (equal to $10.4M) to the Externally Owned Account (EOA)
0x40cBe7580168d52b7FEC884120B31115c3F7E37E. - One other exploiter, with tackle fragment (0x483D8), shifted 1,453 ETH (valued at $2.3M) to EOA
0x1A61Df134d766f1e240FBFAEe79bBeCC04195f62.
Affected Sizzling Wallets (By Chain)
| $ETH: 0xce013682eddefaca8c94fe56a43a04212ebe4673 0x8bf8cd7F001D0584F98F53a3d82eD0bA498cC3dE 0xCC1AE485b617c59a7c577C02cd07078a2bcCE454 0x483D88278Cbc0C9105c4807d558E06782AEFf584 0x2118e4432d668aCFa347ddBA0efCcc6BB04DB297 0x1A61Df134d766f1e240FBFAEe79bBeCC04195f62 0x40cBe7580168d52b7FEC884120B31115c3F7E37E | $BTC: 1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH |
| $TRON: TP75t6owoqXxskLq6FB2R37PymNTmohq9L TPFUjxQzG88Vwynrpj2W61ZAkQ9W2QYgAQ$XRP | $XRP: rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf |
| $SOL: G3udanrxk8stVe8Se2zXmJ3QwU8GSFJMn28mTfn8t1kq | $BSC: 0x6953704e753C6FD70Eb6B083313089e4FC258A20 |
| $KDA: ok:a9f3672d7ad7a1e4592702d73b220cbc61db1fa17f89a56131d965bc03959913 | $BCH: qrgxyhj8rzl4l7fgauu6q6vtu2grct4jeyrnaq2s75 |
| $XDAY: 15VY3MadZvLpXhjzFXwCUmtZcHszju6L9 |
Breakup of Stolen Funds by Pockets Handle and Chain
Hack Evaluation
The unauthorized motion of funds from CoinEx’s scorching wallets signifies a severe safety breach, with preliminary proof pointing in direction of a possible compromise of personal keys.
Using a number of addresses within the hack suggests a complicated attacker, making monitoring and restoration tougher.
The distribution of stolen funds throughout completely different blockchain chains, reminiscent of ETH, TRON, BSC, BTC, and MATIC, signifies the hacker’s profound data of assorted blockchain ecosystems.
This multi-chain method additional complicates the method of tracing the stolen funds. Furthermore, the numerous sum shifted means that this wasn’t a spur-of-the-moment act however a well-planned exploit.
Extra Data
The 2 major addresses, CoinEx Fund Drainers:
- CoinEx Fund Drainer 1:
0xce013682eddefaca8c94fe56a43a04212ebe4673 - CoinEx Fund Drainer 2:
0xae88ac9800594b43ac25a57374a5dac3d183bbc1
have been discovered to have had deposit/withdrawal operations with outstanding cryptocurrency exchanges, Binance and HuobiGlobal, in 2021.
Such associations may imply these platforms may need been used both for cashing out or additional transferring the stolen funds.
Each Binance and HuobiGlobal may maintain transaction logs or further information associated to those addresses, which may show invaluable in tracing the motion of the stolen belongings.
Furthermore, there’s a noteworthy connection to a Twitter put up associated to the CoinEx Fund Drainer 2 tackle. This tweet or the account related may present additional insights or leads into the hack’s intricacies.
As per impartial safety researcher ZachXBT, the exploiter of Coinex International is linked with North-Korean hacking group accountable for exploiting cryptocurrency on line casino ‘Stake’. In a tweet he shared his findings relating to this.
There may be one other uncanny coincidence the place Coinex International exploiter bridged part of the stolen funds to the https://etherscan.io/tackle/0x964c192e54e5ef4176626875bb53071956579fca
which was in flip funded by one other tackle https://etherscan.io/tackle/0x75497999432b8701330fb68058bd21918c02ac59. This is similar tackle
which bought funds from the ‘Stake’ hacker on Polygon chain.
The Official Hack Response
- Instantly after the hack was found, CoinEx International began investigating the breach, a report on which might be printed as quickly as it’s accomplished.
- CoinEx International has assured that the affected makes use of will obtain 100% compensation for any loss because of this breach.
- To stem the hack, deposit & withdrawal providers have been quickly suspended till additional overview.
Writer: ImmuneBytes
Date: 2023-09-13 12:00:00
