CoinEx, a renowned cryptocurrency exchange, recently faced an alarming security breach. On September 12, the exchange witnessed massive outflows to a previously inactive address. Experts in the field quickly raised red flags, suspecting a potential hack. Cyvers Alerts, a trusted blockchain security platform, estimated the damage at a staggering $27 million.
Around 1:21 p.m. UTC, a significant transaction took place where a recognized CoinEx hot wallet sent about 4,947 Ether, valued at $7.9 million, to an Ethereum account. This account had remained dormant until this sudden influx.
But that wasn’t the end. The same CoinEx wallet moved vast sums of tokens to this mysterious address. The list included 408,741 Dai stablecoins, 2.7 million Graph tokens, and 29,158 Uniswap tokens.
PeckShield, a leading blockchain security firm, labeled this outflow “suspicious.” Adding to the concerns, Julio Moreno, CryptoQuant’s research head, found the CoinEx wallet’s behavior odd. He noted that the Ether reserves had dwindled to almost nothing.
By 5:25 pm UTC, CoinEx broke its silence through a tweet, the exchange acknowledged the unusual withdrawals. They stated, “Our Risk Control System detected unusual withdrawals from several hot wallet addresses storing CoinEx assets.” In response, the exchange established a dedicated team to investigate the matter.
CoinEx sought to reassure its users amidst the chaos. They emphasized that the siphoned-off cryptocurrency represents only a fraction of their reserves. Moreover, they pledged to compensate for any user losses from this breach.
Recently, New York authorities delivered a verdict requiring the Japanese exchange to pay a combined sum of $1.7 million in penalties and restitution. This decision came after the attorney general’s office lodged a lawsuit in February. They alleged that CoinEx breached the Martin Act by not registering with the state. Consequently, the judgment also mandated CoinEx to halt its operations in New York.