CoinEx $55M attack reveals North Korea’s Lazarus Group cyber espionage

Getting your Trinity Audio player ready...

North Korea’s Lazarus Group has been linked to the $55 million attack on CoinEx digital currency exchange following a postmortem of the incident.

According to a report by on-chain analysis firm SlowMist, the state-backed hacking enterprise played a prominent role in the attack against the exchange, “accidentally” leaving a trail. Per the report, Lazarus Group inadvertently exposed its address and used it as a conduit to drain CoinEX’s funds.

SlowMist says it carefully observed the attacks carried out by the Lazarus Group and monitored the money trail. Previously, Lazarus Group was linked to the exploits against Stake.com and Optimism by the U.S. Federal Bureau of Investigation (FBI), netting gains reaching millions of dollars.

SlowMist disclosed that it identified the same address used in Stake.com’s exploit in moving the illicit funds.

“It appears North Korea is also responsible for the $54 million CoinEX hack from yesterday after they accidentally connected their address to the $41 million Stake hack on OP & Polygon,” said X user ZachXBT, corroborating SlowMist’s report.

SlowMist added that the funds were drained in several digital currencies, including BTC, Solana (SOL), Ethereum (ETH), Stellar (XLM), and Polygon (MATIC), among others. In a single transaction, 231 BTC, valued at $5.9 million, was transferred to a wallet widely believed to be linked with Lazarus Group. 

In the hours following the hack, CoinEX temporarily suspended deposits and withdrawals as a security measure, noting that most users’ funds were unaffected by the breach. The exchange added that it would reimburse any users adversely affected by the breach, pledging to unveil a comprehensive report in the coming weeks.

Since the attack, several on-chain security firms have rallied to CoinEX’s aid to track and recover the assets. CoinEx’s $55 million attack brings the total funds lost to hacks to well over $1 billion since January, showing little to no signs of slowing down. 

Lazarus Group is on a hot streak

Lazarus Group is riding the wave of a hacking spree that has seen it net well over $1 billion in the last 12 months. According to a Chainalysis report, the hacking syndicate reached its zenith in 2022 after scoring impressive wins against a series of digital currency projects and financial entities in Japan. 

In 2023, the hacking group was fingered in the hacks against Harmony’s Bridge and Atomic Wallet, breaches that may have netted the bad actors more than $200 million.

Experts opine that the stolen funds are channeled into developing North Korea’s nuclear weapons, given the extent of international sanctions against the pariah state.

Watch: Sentinel Node – Blockchain Tools to Improve Cybersecurity