Home Web3 SecurityCrypto Hacks & Exploits CoinEx Global Exploit – Sep 12, 2023-Detailed Hack Analysis

CoinEx Global Exploit – Sep 12, 2023-Detailed Hack Analysis

by ImmuneBytes


CoinEx Global, a well-known cryptocurrency exchange platform, has recently fallen victim to a significant security breach. The exploit led to a loss estimated at approximately $54 million. Preliminary investigations suggest a possible compromise of private keys, leading to unauthorized fund transfers from the platform’s hot wallets.

Fine Details of the Hack

  • Hack Amount: ~$54 million.
  • Fund Movement:
  • A CoinEx exploiter, identified by the address (0x8bf8c), transferred ~6,558 ETH (equivalent to $10.4M) to the Externally Owned Account (EOA) 0x40cBe7580168d52b7FEC884120B31115c3F7E37E.
  • Another exploiter, with address fragment (0x483D8), shifted 1,453 ETH (valued at $2.3M) to EOA 0x1A61Df134d766f1e240FBFAEe79bBeCC04195f62.

Affected Hot Wallets (By Chain)


Breakup of Stolen Funds by Wallet Address and Chain

Hack Analysis

The unauthorized movement of funds from CoinEx’s hot wallets indicates a serious security breach, with preliminary evidence pointing towards a potential compromise of private keys.

The use of multiple addresses in the hack suggests a sophisticated attacker, making tracking and recovery more challenging.

The distribution of stolen funds across different blockchain chains, such as ETH, TRON, BSC, BTC, and MATIC, indicates the hacker’s profound knowledge of various blockchain ecosystems.

This multi-chain approach further complicates the process of tracing the stolen funds. Moreover, the significant sum shifted suggests that this wasn’t a spur-of-the-moment act but a well-planned exploit.

Additional Information

The two primary addresses, CoinEx Fund Drainers:

  • CoinEx Fund Drainer 1: 0xce013682eddefaca8c94fe56a43a04212ebe4673
  • CoinEx Fund Drainer 2: 0xae88ac9800594b43ac25a57374a5dac3d183bbc1

were found to have had deposit/withdrawal operations with prominent cryptocurrency exchanges, Binance and HuobiGlobal, in 2021.

Such associations could mean these platforms might have been used either for cashing out or further transferring the stolen funds.

Both Binance and HuobiGlobal might hold transaction logs or additional data related to these addresses, which could prove invaluable in tracing the movement of the stolen assets.

Moreover, there’s a noteworthy connection to a Twitter post related to the CoinEx Fund Drainer 2 address. This tweet or the account associated might provide further insights or leads into the hack’s intricacies.

As per independent security researcher ZachXBT, the exploiter of Coinex Global is connected with North-Korean hacking group responsible for exploiting cryptocurrency casino ‘Stake’. In a tweet he shared his findings regarding this.

There is another uncanny coincidence where Coinex Global exploiter bridged a part of the stolen funds to the https://etherscan.io/address/0x964c192e54e5ef4176626875bb53071956579fca
which was in turn funded by another address https://etherscan.io/address/0x75497999432b8701330fb68058bd21918c02ac59. This is the same address
which got funds from the ‘Stake’ hacker on Polygon chain.

The Official Hack Response

  • Immediately after the hack was discovered, CoinEx Global started investigating the breach, a report on which would be published as soon as it is completed.
  • CoinEx Global has assured that the affected uses will receive 100% compensation for any loss due to this breach.
  • To stem the hack, deposit & withdrawal services have been temporarily suspended until further review.

You may also like