Cryptocurrency exchange CoinEx experienced a massive outflow of funds to an unfamiliar address, raising suspicions of a major security breach. Security experts and blockchain analysts suspect that the exchange may have fallen victim to a hack, resulting in estimated losses of approximately $27 million.
Earlier today, an outgoing transaction from a known CoinEx hot wallet caught the attention of blockchain security firm Peckshield. The transaction involved the transfer of approximately 4,947 Ether (ETH), valued at $7.9 million at the time, to an Ethereum address that had no prior transaction history.
Following the initial transaction, the situation escalated rapidly. The CoinEx hot wallet initiated a series of transfers to the same unfamiliar address. Among the assets transferred were approximately 408,741 Dai (DAI) stablecoins, 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens, and other cryptocurrencies. Along with Peckshield, CryptoQuant’s Head of Research, Julio Moreno, also noted the behaviour of the CoinEx wallet as abnormal, pointing out that the exchange’s Ether reserves had almost been completely depleted.
CoinEx responds to the attack
Later, CoinEx confirmed the suspicious withdrawals on Twitter. The exchange’s Risk Control System had detected unusual withdrawals from several hot wallet addresses used to store CoinEx’s exchange assets. In response, the exchange established a “special investigative team” to determine the extent and nature of the incident.
CoinEx Global tweeted:
“Urgent Notice: Security Incident on CoinEx – Immediate Actions Underway On September 12, 2023, our Risk Control System detected anomalous withdrawals from several hot wallet addresses used to store CoinEx’s exchange assets. Promptly recognizing the gravity of the situation, we immediately established a special investigative team to delve into the matter. Preliminary assessments indicate unauthorized transactions involving $ETH, $TRON, and $MATIC. “
CoinEx has since reassured its users, stating that the withdrawn crypto assets represented only a small portion of the exchange’s total reserves. In response to the breach, the exchange committed to providing 100% compensation to users who suffered losses due to the security breach.