On September 12, 2023, at 14:18 (UTC), Cyvers Alerts tweeted about suspicious withdrawals from CoinEx Exchange. ETH, TRON, MATIC, and more crypto assets were being moved from CoinEx’s hot wallets to unknown addresses, triggering concerns of a potential hack.
CoinEx promptly addressed the situation on Twitter at 17:38 on the same day. In their official statement, they revealed that their Risk Control System had detected unusual withdrawals from multiple hot wallet addresses where CoinEx stored its exchange assets. In response, the CoinEx team established a dedicated investigation team to thoroughly investigate the incident. Furthermore, they assured their users that they would provide 100% compensation for any losses incurred as a result of this security breach.
On September 12, at 18:20 (UTC), CoinEx took further action by revealing the initial group of hacker wallet addresses through a Twitter announcement and sought assistance from various blockchain organizations to freeze them.
The suspicious addresses are listed below:
$ETH:
0xce013682eddefaca8c94fe56a43a04212ebe4673
0x8bf8cd7F001D0584F98F53a3d82eD0bA498cC3dE
0xCC1AE485b617c59a7c577C02cd07078a2bcCE454
0x483D88278Cbc0C9105c4807d558E06782AEFf584
$BTC:
1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH
$TRON:
TP75t6owoqXxskLq6FB2R37PymNTmohq9L
TPFUjxQzG88Vwynrpj2W61ZAkQ9W2QYgAQ$XRP:
rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf
CoinEx disclosed the second batch of hacker addresses they identified at 2:41 on September 13:
$ETH:
0x2118e4432d668aCFa347ddBA0efCcc6BB04DB297
0x1A61Df134d766f1e240FBFAEe79bBeCC04195f62
0x40cBe7580168d52b7FEC884120B31115c3F7E37E
$XRP:
rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf
$SOL:
G3udanrxk8stVe8Se2zXmJ3QwU8GSFJMn28mTfn8t1kq
$BSC:
0x6953704e753C6FD70Eb6B083313089e4FC258A20
$KDA:
k:a9f3672d7ad7a1e4592702d7 3b220cbc61db1fa17f89a56131d965bc03959913
$BCH:
qrgxyhj8rzl4l7fgauu6q6vtu2grct4jeyrnaq2s75
$XDAG:
15VY3MadZvLpXhjzFXwCUmtZcHszju6L9
CoinEx has disclosed three separate batches of hacker wallet addresses and has reached out to relevant project teams and exchanges, urging them to monitor and freeze these suspicious addresses.
CoinEx users have expressed concerns as they are currently unable to withdraw funds from the exchange. However, CoinEx has reassured its users that, in the interest of asset security, withdrawals will resume once the hacker addresses are fully identified and isolated following a comprehensive review. The CoinEx team has emphasized that user assets remain secure and untouched during this process.
It’s important to note that hot wallets, unlike cold wallets which are kept offline and are generally more secure, are susceptible to hacking attempts. Over the past few years, there have been numerous incidents of exchange hacks and coin theft, which have raised significant concerns about blockchain security. The challenge of finding effective ways to protect against hackers remains an ongoing issue for crypto exchanges.
At the time of this writing, CoinEx is still assessing the extent of the losses incurred due to this security breach. We will continue to closely monitor the situation and provide updates as soon as they become available.
