At 14:18 (UTC) on September 12, 2023, Cyvers Alerts posted a tweet regarding suspicious withdrawals on CoinEx Exchange. Crypto assets including ETH, TRON, MATIC, and more from CoinEx’s hot wallets were transferred to unknown addresses, raising suspicions of a potential hack.

The CoinEx team responded to the incident on Twitter at 17:38 the same day. According to the official statement, the exchange’s Risk Control System had detected anomalous withdrawals from several hot wallet addresses used to store CoinEx’s exchange assets. In prompt response, the team formed a special investigation team to delve into the incident and promised to offer 100% compensation for any loss due to this breach.

Official response from @CoinExGlobal

We reached out to the CoinEx team for more details about the breach. They informed us that its security team has been tracking the stolen funds and making progress. At 18:20 on September 12, CoinEx disclosed the first batch of hacker wallet addresses on Twitter and sought assistance from various blockchain organizations to freeze them.

The suspicious addresses are listed below:

$ETH:

0xce013682eddefaca8c94fe56a43a04212ebe4673
0x8bf8cd7F001D0584F98F53a3d82eD0bA498cC3dE
0xCC1AE485b617c59a7c577C02cd07078a2bcCE454
0x483D88278Cbc0C9105c4807d558E06782AEFf584

$BTC:
1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH

$TRON:

TP75t6owoqXxskLq6FB2R37PymNTmohq9L
TPFUjxQzG88Vwynrpj2W61ZAkQ9W2QYgAQ$XRP:
rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf

CoinEx disclosed the second batch of hacker addresses they identified at 2:41 on September 13:

$ETH:

0x2118e4432d668aCFa347ddBA0efCcc6BB04DB297
0x1A61Df134d766f1e240FBFAEe79bBeCC04195f62
0x40cBe7580168d52b7FEC884120B31115c3F7E37E

$XRP:
rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf

$SOL:
G3udanrxk8stVe8Se2zXmJ3QwU8GSFJMn28mTfn8t1kq

$BSC:
0x6953704e753C6FD70Eb6B083313089e4FC258A20

$KDA:
k:a9f3672d7ad7a1e4592702d73b220cbc61db1fa17f89a56131d965bc03959913

$BCH:
qrgxyhj8rzl4l7fgauu6q6vtu2grct4jeyrnaq2s75

$XDAG:
15VY3MadZvLpXhjzFXwCUmtZcHszju6L9

As of now, CoinEx has disclosed three batches of hacker addresses and asked relevant project teams and exchanges to monitor and freeze the suspicious addresses.

Users are concerned, as they currently cannot withdraw funds from CoinEx. Luckily, they have been assured by the exchange that, for the sake of asset security, withdrawals will resume as soon as the hacker addresses are fully identified and isolated after “a thorough review”. The team also emphasized that user assets remain “secure and untouched”.

Unlike cold wallets, which are kept offline and therefore safer, hot wallets are more vulnerable to hacks. The past few years have witnessed numerous incidents of exchange hacks and coin theft, dealing a heavy blow to blockchain security. Finding effective ways to keep hackers at bay remains a challenge for crypto exchanges.

As of this writing, CoinEx is still assessing the losses incurred. We will continue to closely follow this situation and provide updates as soon as possible.