According to cybersecurity experts from SlowMist and investigator ZachXBT it is believed that the cyberattack on CoinEx, a cryptocurrency exchange was orchestrated by the Lazarus Group. This hacking group is suspected to have ties to the Korean government. Notably the same wallets involved in draining funds from CoinEx on September 12 were also connected to a $41 million theft from Stake.com, a cryptocurrency casino.
In both incidents substantial amounts of money were emptied from the companies online wallets known as “wallets. The FBI has attributed the hack on Stake.com to Lazarus indicating that it is highly likely they are also responsible for the attack on CoinEx. Additionally blockchain data reveals a connection between addresses involved in both thefts.
A report by SlowMist points out that the same address was utilized in hacks like Stake and Alphapo which are believed to be linked to Lazarus. On September 12 CoinEx disclosed a “security incident” impacting their wallets. Initial estimates suggested losses of $27.8 million; however further investigations uncovered that, up to $55 million worth of cryptocurrencies were stolen. The assets taken included Bitcoin, Ethereum, Tron, BNB Chain, Polygon, Arbitrum and six other blockchains.
CoinEx has become the target of a series of attacks aimed at cryptocurrency organizations and there are suspicions that Lazarus may be involved in multiple cases. Over a period of 102 days it is believed that Lazarus orchestrated hacks on CoinEx, Stake, CoinsPaid, Alphapo and Atomic Wallet resulting in the theft of than $270 million.
According to a report by Chainalysis if Lazarus continues at this rate they could accumulate over $500 million through cybercrimes related to cryptocurrencies by the end of 2023. Already in 2022 it is said that this group has plundered, over $1 billion from holders and providers of assets.