Share this article
North Korean Attackers Linked to $54M CoinEx Hack, Blockchain Data Suggests
A hot wallet of the crypto exchange used to hold users’ tokens was exploited by attackers on Tuesday.
Updated Sep 13, 2023, 11:43 a.m. Published Sep 13, 2023, 11:43 a.m.
North Korean attackers linked to a recent crypto exploit could be behind the latest crypto business security causality, according to data cited by blockchain sleuth ZachXBT and verified by CoinDesk.
CoinEx exchange was hacked for an estimated $27 million on Tuesday – a figure that later ballooned to $54 million worth of tokens drained from the exchange as details of several impacted wallets were released by the exchange through Wednesday afternoon.
STORY CONTINUES BELOW
#CoinExResponseUpdate - We've identified the 3rd series of suspicious wallet addresses linked to the hack:
— CoinEx Global (@coinexcom) September 13, 2023
We are working nonstop to track down the hackers' addresses. Here are the recently identified addresses:$BSC:
*0xC844F7178379782eC19F3EE6E399f2EB7b2b984F$ARB:…
The hackers siphoned ether , XRP, tron's TRX, MATIC, solana's SOL, kadena's KDA and dagger's XDAG tokens after exploiting a lax security measure on wallets used by the exchange. CoinEx has since released over 10 “suspicious” addresses on several networks, such as Ethereum, BNB Chain, and Arbitrum, where the tokens were transferred.
Analysis of these wallets by popular blockchain sleuth ZachXBT shows some transactions were routed to wallets that were involved in a $41 million exploit of crypto betting platform Stake earlier this month. Those wallets are linked to the North Korean attacker group Lazarus, infamous for targeting crypto businesses.
It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon.
— ZachXBT (@zachxbt) September 13, 2023
0x75497999432b8701330fb68058bd21918c02ac59 pic.twitter.com/9qZPdc3yhT
Another address was seemingly directly funded by the Stake attacker earlier this week and then received tokens from the CoinEx attack,
Meanwhile, CoinEx said Wednesday that the impacted funds represented a small amount of total user holdings and that all remaining assets on the exchange “remained safe.”
The Samoa-registered CoinEx traded over $22 million across 730 offered trading pairs on its platform in the past 24 hours, data shows.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Solana’s Drift Launches v3, With 10x Faster Trades
With v3, the team says that about 85% of market orders will fill in under half a second, and liquidity will deepen enough to bring slippage on larger trades down to around 0.02%.
What to know:
- Drift, one of the largest perpetuals trading platforms on Solana, has launched Drift v3, a major upgrade meant to make on-chain trading feel as fast and smooth as using a centralized exchange.
- The new version will deliver 10-times faster trade execution thanks to a rebuilt backend, marking the largest performance jump the project has made so far.
Top Stories
