Topic: Coinex hacked, ~$70M stolen (Read 406 times)
This is an exchange I have had good experiences using.
It is the next rising star to take the place of the freedom Kucoin used to give people.
Thanks Coinex for all you are doing !!!
Global Protection - Canadian Citizen living in Belize now
Good to hear that people are able to withdraw their money, and hopefully some of those affected learned a valuable lesson not to use centralized ecxhange for storing their crypto.
We can't blame them since most of the traders these days are looking for exchanges where KYC is not mandatory like Coinex.By the way, I assume that you were able to withdraw your money fully?
Yes, most of the coins right now can be able to withdrawn except for the remaining 300+ coins/tokens according to the OmegaStarScream statement above.
I confirmed that the deposit and withdrawal are resumed but only 190 Crypto can able to withdraw according to the Coinex support on telegram and they will gradually resume deposit and withdrawal for 500+ cryptos within 5 working days.
Good to hear that people are able to withdraw their money, and hopefully some of those affected learned a valuable lesson not to use centralized ecxhange for storing their crypto. By the way, I assume that you were able to withdraw your money fully?
I confirmed that the deposit and withdrawal are resumed but only 190 Crypto can able to withdraw according to the Coinex support on telegram and they will gradually resume deposit and withdrawal for 500+ cryptos within 5 working days.
-snip-
-snip-
They actually announced a couple of hours ago that it's now +340 crypto/tokens. Here's the list of assets/networks[1]. I guess that's good enough, even if someone has something he can't withdraw, he can always trade that to something else, and withdraw it.
[1] https://www.coinex.com/en/fees?type=deposit
Some good news for those who have their funds stuck[1], you should be able to withdraw your funds starting tomorrow (21th September, 8:00 UTC). Make sure to not use any of your previous deposit addresses if you're planning to continue to use the exchange, because they won't be credited to your account.
I confirmed that the deposit and withdrawal are resumed but only 190 Crypto can able to withdraw according to the Coinex support on telegram and they will gradually resume deposit and withdrawal for 500+ cryptos within 5 working days.
To those who deposited last week that weren't credited to their account, you should submit a request to Coinex support including the screenshot of the transaction from the wallet and the transaction ID.
Here's the link where you can request below and then issue type "Deposit not credited"
- https://support.coinex.com/hc/requests/new
Poking around a bit and talking out my A$$ but I don't think the wallets were actually compromised but the back end that talked to the wallets. More like the withdrawal server was compromised. There were other tokens and things associated with a few of those addresses that were not moved until coinex moved them hours later.
Could be I'm missing something obvious, but if they had access to the wallet server(s) and the private keys everything in those addresses would be gone. IMO.
So their 'preliminarily determined that the cause of the incident was the leakage of the hot wallet private key' is either wrong OR the people who took the money were incompetent OR as I said, I am missing something.
-Dave
Could be I'm missing something obvious, but if they had access to the wallet server(s) and the private keys everything in those addresses would be gone. IMO.
So their 'preliminarily determined that the cause of the incident was the leakage of the hot wallet private key' is either wrong OR the people who took the money were incompetent OR as I said, I am missing something.
-Dave
Some good news for those who have their funds stuck[1], you should be able to withdraw your funds starting tomorrow (21th September, 8:00 UTC). Make sure to not use any of your previous deposit addresses if you're planning to continue to use the exchange, because they won't be credited to your account.
[1] https://announcement.coinex.com/hc/en-us/articles/19319131621908-CoinEx-Will-Resume-Deposit-and-Withdrawal-Services-of-BTC-ETH-USDT-USDC-etc-Estimated-on-Sep-21-2023
[1] https://announcement.coinex.com/hc/en-us/articles/19319131621908-CoinEx-Will-Resume-Deposit-and-Withdrawal-Services-of-BTC-ETH-USDT-USDC-etc-Estimated-on-Sep-21-2023
This can easily be referred to as an “inside work” hypothesis, especially since it will not be possible to prove otherwise if the identity of the hacker is not known, or at least the method through which the hacking occurred.
I don't think that "inside job" is a valid theory in this case if what they are saying is true, that hackers used address connected with the recent Stake hack.I have been following the updates since yesterday, and there is no talk about ongoing investigations or possible hypotheses about how the hackers were able to access the private keys of the platform’s hot wallet, or about ways to track the stolen funds after the addresses to which they were sent were identified.
The only ones who can give answers to that are Coinex people and since it happened only few days ago, it will take some time before we get an official explanation what exactly happened there. Then again, this official explanation might be a bullshit story too in order for them to look good. In the end, how hack happened is not as important as a lesson I hope some people learned, not to store their coines on centralized exchange. 
Quote
We solemnly pledge to compensate all affected users 100%.
This is what CoinEx is saying, is it possible for them to lose over $70m and still compensate every user who lost funds 100%, or is this just 'good' PR so those who are affected would remain calm, i find this 100% compensation thingy very hard to believe.CoinEx is not a big exchange, so i don't believe that a $70m loss is:
Quote
a small portion of our total assets
We'll see what they plan on doing in the coming months and if they are true to their words. These amounts can be considered huge compared to the market value of the platform and its daily trading volume. The platform is not popular compared to its competitors, Binance, Coinbase, and others. Therefore, their success in securing users’ lost deposits will strengthen their position in the market.
This can easily be referred to as an “inside work” hypothesis, especially since it will not be possible to prove otherwise if the identity of the hacker is not known, or at least the method through which the hacking occurred.
I have been following the updates since yesterday, and there is no talk about ongoing investigations or possible hypotheses about how the hackers were able to access the private keys of the platform’s hot wallet, or about ways to track the stolen funds after the addresses to which they were sent were identified.
- 70M $ in assets has been lost.
Time to update the guess title I guess. 
This is what CoinEx is saying, is it possible for them to lose over $70m and still compensate every user who lost funds 100%, or is this just 'good' PR so those who are affected would remain calm, i find this 100% compensation thingy very hard to believe.
It remains to be seen, but considering the fact that amount lost is almost the 3x bigger than their daily trading volume, I would be very surprised if everyone gets their money out fast. Fingers crossed though.Are people who still leave their funds in exchanges seeing these recent events: https://remitano.com/forum/ng/134684-latest-updates-on-recent-security-incident-on-remitano
It doesn't matter. Even if what hapepned to FTX happens to Binance/Coinbase, people would still store their money on centralized exchanges. Barely anyone (including those that lost money there) learned any lesson from Mt.Gox fiasco so why would now be any different? 
Quote
We solemnly pledge to compensate all affected users 100%.
This is what CoinEx is saying, is it possible for them to lose over $70m and still compensate every user who lost funds 100%, or is this just 'good' PR so those who are affected would remain calm, i find this 100% compensation thingy very hard to believe.CoinEx is not a big exchange, so i don't believe that a $70m loss is:
Quote
a small portion of our total assets
We'll see what they plan on doing in the coming months and if they are true to their words. Are people who still leave their funds in exchanges seeing these recent events: https://remitano.com/forum/ng/134684-latest-updates-on-recent-security-incident-on-remitano
So they just released this a couple of minutes ago: https://coinex.medium.com/coinex-updates-on-recent-hot-wallets-hack-780a600dc846
But in short:
- 70M $ in assets has been lost.
- They're planning to finalize the wallet upgrades by next week, and gradually resume withdrawals.
- Users funds will be compensated fully.
But in short:
- 70M $ in assets has been lost.
- They're planning to finalize the wallet upgrades by next week, and gradually resume withdrawals.
- Users funds will be compensated fully.
Can someone tell me if these "hot wallet private keys" are just saved on their platform's server, i mean on their hosting servers for them to control the withdrawal on their user's daily withdrawal, then just replenish the addresses if it lacks balance on it. Because if its the case then it'a easy much easier for hacker to compromised such thing.
Hackers can steal money in two ways: either by accessing the servers of the deposits and withdrawals system, that is, accessing the private keys and withdrawing currencies, or by manipulating the basic system so that the deposits and withdrawals system sends a withdrawal order for a specific amount to the hackers’ address.
I do not know how the hack occurred, if it was to the system of deposits and withdrawals, then in most cases after restoring the system, users will be asked to stop using the old addresses, but if it is in the basic system, then in most cases users will not be asked.
The exchange just issued an official statement about the matter[1]. According to them this is just a small "amount" of what their reserves have, and affected users will be compensated. Am I the only one who finds this a bit hard to believe?
One of the Tweets mentions:
Quote
We assure all users: your assets are secure and untouched.
When you come up with this kind of bs after 40 million in coins definitely leaving your wallets it's pretty hard for anyone to take them seriously on this matter. No, the assets are not secure and are not untouched, as we speak they are getting touched by thousands of people in some swaps. I do kind of feel bad for Coinex being a relative old guard exchange but with the amount of shitcoins it listed it never managed to ure me into creating an account.
And here comes the usual stuff, united we stand, we will overcome, we need more time to investigate, c ya!
https://twitter.com/coinexcom/status/1702563038296154415
According to the statement, the cause of the incident was the leakage of the hot wallet private key, and the assets in CoinEx cold wallet have not been affected.
Can someone tell me if these "hot wallet private keys" are just saved on their platform's server, i mean on their hosting servers for them to control the withdrawal on their user's daily withdrawal, then just replenish the addresses if it lacks balance on it. Because if its the case then it'a easy much easier for hacker to compromised such thing.There's not much to say here. Obviously, if they wanted automatic withdrawals from the platform, they'd need to store the private keys for transaction authorization somewhere. We don't know how they kept these keys secure or who could access them. The leak might have been due to hacking or simply an inside job.
The platform confirms that all those affected will be compensated and that the hack was only able to acquire a small portion of the total assets on the platform’s hot wallets.
Good thing if it's the case, or it's just a cover up story to let its users not to panic, but let's hope it's the other way around.According to the statement, the cause of the incident was the leakage of the hot wallet private key, and the assets in CoinEx cold wallet have not been affected.
Can someone tell me if these "hot wallet private keys" are just saved on their platform's server, i mean on their hosting servers for them to control the withdrawal on their user's daily withdrawal, then just replenish the addresses if it lacks balance on it. Because if its the case then it'a easy much easier for hacker to compromised such thing.
In the latest update issued by the blockchain analysis company PeckShieldAlert, it is reported that the CoinEx platform has lost the equivalent of $43 million, which is the total assets on different network chains.
https://twitter.com/PeckShieldAlert/status/1701731944340562107
Referring to the latest updates from the CoinEx platform, this number of losses was not announced, but rather it was announced that only the equivalent of $31 million was lost and that the addresses used by the hacker were identified. The platform confirms that all those affected will be compensated and that the hack was only able to acquire a small portion of the total assets on the platform’s hot wallets.
Currently, all deposits and withdrawals have been suspended until it will be announced, and this in itself is considered a loss for users who have lost access to their savings, and they will certainly not be compensated due to the disruption.
It is a new opportunity to remind once again that one of the most dangerous steps is using platforms for long-term storage of a large value of assets.
https://twitter.com/PeckShieldAlert/status/1701731944340562107
Referring to the latest updates from the CoinEx platform, this number of losses was not announced, but rather it was announced that only the equivalent of $31 million was lost and that the addresses used by the hacker were identified. The platform confirms that all those affected will be compensated and that the hack was only able to acquire a small portion of the total assets on the platform’s hot wallets.
Currently, all deposits and withdrawals have been suspended until it will be announced, and this in itself is considered a loss for users who have lost access to their savings, and they will certainly not be compensated due to the disruption.
It is a new opportunity to remind once again that one of the most dangerous steps is using platforms for long-term storage of a large value of assets.
There's been a recent announcement from the CoinEx Team just two hours ago. These assets in the CoinEx wallet have been impacted by the incident:
https://announcement.coinex.com/hc/en-us/articles/19187420867348-Latest-Progress-of-the-Hacking-Attack-on-Sep-12-2023-Updated-on-Sep-14-
According to the statement, the cause of the incident was the leakage of the hot wallet private key, and the assets in CoinEx cold wallet have not been affected.
https://announcement.coinex.com/hc/en-us/articles/19187420867348-Latest-Progress-of-the-Hacking-Attack-on-Sep-12-2023-Updated-on-Sep-14-
According to the statement, the cause of the incident was the leakage of the hot wallet private key, and the assets in CoinEx cold wallet have not been affected.
Hm are you sure? In one of their tweets Coinex mentioned this BTC address ( 1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH) as part of the hack and there's currenly 231 BTC there worth almost 6 million dollars.
I searched some articles and they did not mention Bitcoin. I activated notifications on the scammer’s address: https://blockchair.com/bitcoin/address/1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH. I think they will use one of the available mixing services, to see what is the best alternative to CM that these hackers prefer to use. 54 million is not a small and I fear that companies depositing their currencies with Coinex will exploit it by withdrawing all liquidity in the coming days, which may lead to bankruptcy.@Rikafip. It appears your joke on the hack being done by the Lazarus group was really a good prediction hehehe.
Well, they usually blame them for these type of hacks so it was pretty much safe guesstimate However the skeptical me asks, is it confirmed that the hackers who hacked stake.com are really done by the Lazarus group?
I don't think that is possible to confirm with 100% certainty that they were behind Stake hack. Iirc, "evidence" was more in style that it has elements of classsic Lazarus Group attack or soemthing similar among those lines. Also, I am very much in doubt that the hackers would accidentally connect their addresses by mistake. This might be intentional.
Maybe, mabe not. Even smart/capable people do stupid things sometime. Jump to: