Cryptocurrency exchange CoinEx could be the latest high-profile crypto entity to fall victim to a hack, with several Twitter accounts flagging over $27 million worth of suspicious token outflows.
A hot wallet associated with Coinex transferred $27 million worth of tokens to a wallet with no previous transaction history.
Has CoinEx Been Hacked? Crypto Twitter Thinks So
CoinEx began experiencing abnormally large outflows on the 12th of September, with funds being directed to a wallet with no prior history. This led to security experts suspecting that the exchange was hacked. Cyvers Alerts, a blockchain security platform, estimated that losses due to the suspected hack are around $27 million. Cyvers stated in a post on X,
“Red CodeOur AI-powered model detected suspicious transactions related to @coinexcom 2 hours ago. The potentially stolen funds amount to $18.12M #Eth, $8.5M #Tron, and $291K in #Polygon. Possible causes: access control violations, private key leakage, rug pulling, insider job.”
The apparent hack occurred at 1:21 PM UTC when the CoinEx wallet transferred around 4947 ETH, worth around $7.9 million, to an unknown Ethereum account. The account that received the transaction had no prior history apart from the transaction mentioned above. Immediately after this transaction, the CoinEx wallet started transferring large quantities of tokens to the same wallet. The wallet transferred an additional 408,741 DAI, 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens, along with several others.
Wu Blockchain, PeckShield Also Flag Transactions
Wu Blockchain also flagged the transactions, stating that CoinEx was suspected of being hacked and had so far lost around $27.8 million across Ethereum (ETH), Tron (TRX), and Polygon (MATIC).
“Breaking: The crypto exchange CoinEX is suspected of being hacked, and so far, its ETH, TRON, and Polygon hot wallets have lost more than $27.8 million.”
Wu Blockchain further added that CoinEx was reportedly moving assets from the compromised hot wallets to a secure cold storage address. Other cybersecurity accounts on X have pointed to a specific Etherscan page as more evidence of a suspected hack. PeckShield, a blockchain security firm, has also called the outflows suspicious. At the same time, Julio Moreno, the head of research at CryptoQuant, stated that the behavior of the CoinEx wallet in question was highly suspect, as its ETH reserves were practically zero.
CoinEx Confirms Suspicious Withdrawals
At around 4:25 PM UTC, CoinEx took to X (formerly Twitter) to confirm that it had experienced suspicious withdrawals. The crypto exchange stated that its Risk Control System had detected several anomalous withdrawals from hot wallets used to store exchange assets. The exchange added that it had formed an investigative team to determine what led to the transfers.
“Urgent Notice: Security Incident on CoinEx - Immediate Actions Underway On the 12th of September, 2023, our Risk Control System detected anomalous withdrawals from several hot wallet addresses used to store CoinEx’s exchange assets. Promptly recognizing the gravity of the situation, we immediately established a special investigative team to delve into the matter.”
The exchange further added that its preliminary assessments indicated that the unauthorized transactions primarily involved ETH, TRON, and MATIC. While the precise amount that was lost is still being determined, the platform assured users that the impacted funds are a small portion of CoinEx’s total assets.
“Preliminary assessments indicate unauthorized transactions involving $ETH, $TRON, and $MATIC. The precise amount of the loss is still being determined, and the affected fund is just a very small portion of CoinEx’s total assets.”
CoinEx also assured users that their assets were completely secure. It further added that any affected party would receive 100% compensation for any loss due to the breach.CoinEx also suspended deposits and withdrawals, adding that they would be resumed after a thorough security review by the platform.
“We assure all users: your assets are secure and untouched. Affected parties will receive 100% compensation for any loss due to this breach. For added security, deposit & withdrawal services are temporarily suspended and will resume after a thorough review.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.