On Sept. 12, crypto exchange CoinEx experienced abnormally large outflows to an address with no prior history, leading security experts to suspect the exchange was hacked. Blockchain security platform Cyvers Alerts has estimated the losses to be approximately $27 million.
Red CodeOur AI-powered model detected suspicious transactions related to @coinexcom 2 hours ago
The potentially stolen funds amount to $18.12M #Eth $8.5M #Tron and $291K in #Polygon
Possible causes: access control violations, private key leakage, rug pulling, insider job https://t.co/Wzw84azM9M pic.twitter.com/2bqHmE18Sr
— Cyvers Alerts (@CyversAlerts) September 12, 2023
At approximately 1:21 pm UTC, a known CoinEx hot wallet transferred around 4,947 Ether (ETH), worth $7.9 million at the time, to an Ethereum account. The receiving account had no prior history before this transaction.
Immediately after this transaction, the CoinEx hot wallet began transferring large amounts of tokens to the same address. Approximately 408,741 Dai (DAI) stablecoin, 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens and many other tokens were transferred from the wallet.
Blockchain security firm PeckShield reported the outflow as “suspicious.” CryptoQuant head of research Julio Moreno also claimed that the behavior of the CoinEx wallet was “strange,” as Ether reserves “are now basically zero ETH.”
At 5:25 pm UTC, CoinEx confirmed on Twitter that the platform had experienced suspicious withdrawals. “[O]ur Risk Control System detected anomalous withdrawals from several hot wallet addresses used to store CoinEx’s exchange assets,” the exchange said, adding that a “special investigative team” had been appointed to determine what happened.
The team also claimed that the withdrawn crypto is a small part of the exchange’s total reserves and that users “will receive 100% compensation for any loss due to this breach.”
Urgent Notice: Security Incident on CoinEx – Immediate Actions Underway
On September 12, 2023, our Risk Control System detected anomalous withdrawals from several hot wallet addresses used to store CoinEx’s exchange assets. Promptly recognizing the gravity of the situation, we…
— CoinEx Global (@coinexcom) September 12, 2023
Update (5:38 p.m. UTC on September 12, 2023): This article has been updated to include a social media post from the CoinEx team acknowledging the suspicious withdrawals.