Share this article
North Korean Attackers Linked to $54M CoinEx Hack, Blockchain Data Suggests
A hot wallet of the crypto exchange used to hold users’ tokens was exploited by attackers on Tuesday.
Updated Sep 13, 2023, 11:43 a.m. Published Sep 13, 2023, 11:43 a.m.
North Korean attackers linked to a recent crypto exploit could be behind the latest crypto business security causality, according to data cited by blockchain sleuth ZachXBT and verified by CoinDesk.
CoinEx exchange was hacked for an estimated $27 million on Tuesday – a figure that later ballooned to $54 million worth of tokens drained from the exchange as details of several impacted wallets were released by the exchange through Wednesday afternoon.
STORY CONTINUES BELOW
#CoinExResponseUpdate - We've identified the 3rd series of suspicious wallet addresses linked to the hack:
— CoinEx Global (@coinexcom) September 13, 2023
We are working nonstop to track down the hackers' addresses. Here are the recently identified addresses:$BSC:
*0xC844F7178379782eC19F3EE6E399f2EB7b2b984F$ARB:…
The hackers siphoned ether , XRP, tron's TRX, MATIC, solana's SOL, kadena's KDA and dagger's XDAG tokens after exploiting a lax security measure on wallets used by the exchange. CoinEx has since released over 10 “suspicious” addresses on several networks, such as Ethereum, BNB Chain, and Arbitrum, where the tokens were transferred.
Analysis of these wallets by popular blockchain sleuth ZachXBT shows some transactions were routed to wallets that were involved in a $41 million exploit of crypto betting platform Stake earlier this month. Those wallets are linked to the North Korean attacker group Lazarus, infamous for targeting crypto businesses.
It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon.
— ZachXBT (@zachxbt) September 13, 2023
0x75497999432b8701330fb68058bd21918c02ac59 pic.twitter.com/9qZPdc3yhT
Another address was seemingly directly funded by the Stake attacker earlier this week and then received tokens from the CoinEx attack,
Meanwhile, CoinEx said Wednesday that the impacted funds represented a small amount of total user holdings and that all remaining assets on the exchange “remained safe.”
The Samoa-registered CoinEx traded over $22 million across 730 offered trading pairs on its platform in the past 24 hours, data shows.
Más para ti
Lo que debes saber:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Más para ti
Stripe-Backed Blockchain Tempo Starts Testnet; Kalshi, Mastercard, UBS Added as Partners
Tempo, built by Stripe and Paradigm, has started testing payment-focused blockchain and has onboard a slew of institutional partners.
Lo que debes saber:
- Stripe and Paradigm’s Tempo blockchain has launched its public testnet for real-world payment testing.
- Kalshi, Klarna, Mastercard and UBS are among a wave of new institutional partners now involved in the project.
- Tempo aims to offer low-cost, fast-settlement infrastructure for global payments as stablecoin adoption is accelerating globally.
Top Stories
