Advertisement PDAX Banner

Report: North Korea’s Lazarus Group Behind $55M CoinEx Hack

Photo for the Article - Report: North Korea’s Lazarus Group Behind $55M CoinEx Hack
  • The cryptocurrency exchange CoinEx’s $55 million hack has been attributed to the Lazarus Group, a North Korean hacker organization, according to findings by SlowMist and ZachXBT. 
  • The group’s identification occurred when they accidentally revealed an address connected to previous hacks involving Stake and Optimism.
  • SlowMist’s analysis suggests a potential connection between three exploiters: CoinEx, Stake, and Alphapo, and the Lazarus Group.

According to findings from blockchain security firm SlowMist and on-chain investigator ZachXBT, the hack of the crypto exchange CoinEx, resulting in a loss of at least $55 million, has been attributed to the Lazarus Group, a North Korean hacker organization. 

Read our articles related to the Coinex Hack:

Lazarus is Behind CoinEx Hack

According to the report, the group’s identification came about when they accidentally revealed an address that matched those used in previous Stake and Optimism hacks.

“It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon.”

ZachXBT via X

Moreover, the analysis of SlowMist suggests a potential connection between three exploiters of CoinEx, Stake, and Alphapo, and the North Korean hacker group Lazarus Group. 

According to SlowMist, the Alphapo Exploiter’s engagement with Tron (TRX) and Ethereum (ETH) on the Ethereum chain, along with its connection to the Stake Exploiter on the Binance Smart Chain, raises suspicions of involvement in multiple exploitative activities. 

Advertisement PDAX Banner

In addition, an address identified as the CoinEx Exploiter on the Arbitrum (ARB) and Optimism (OP) chains, as well as the Stake Exploiter on the Polygon chain, likewise hints at simultaneous exploitation efforts. 

Further, SlowMist noted that the Federal Bureau of Investigation (FBI) had previously linked the Stake Exploiter to the Lazarus Group. These findings strongly suggest a potential link between all three exploiters and the infamous North Korean hacking organization.

CoinEx Hack

On September 12, 2023, CoinEx experienced a security breach that resulted in the unauthorized withdrawal of cryptocurrency from its hot wallets. CoinEx emphasized that cold wallets remained secure and that they had suspended deposit and withdrawal services, shut down the hot wallet server, and securely transferred remaining assets to protected addresses. 

After the incident, the exchange assured its affected users that it would implement a 100% compensation plan. The CoinEx User Asset Security Foundation was responsible for covering the financial losses incurred as a result of the hacking.

In its recent update, CoinEx CEO Haipo Yang noted that the exchange had traced the stolen funds and the hacker’s addresses, secured the remaining user assets, and reached out to industry experts for assistance.

Previous Lazarus Schemes

The Lazarus Group is a cybercrime group that has been linked to a number of high-profile attacks; the group is believed to be sponsored by the North Korean government.

Last year, SlowMist has reportedly linked the Lazarus Group to a phishing campaign that has targeted NFT investors and stolen their NFTs through fake websites. The campaign has used 500 domains and has been active for at least 7 months.

Axie Infinity, a popular play-to-earn game, was hacked in March 2022. The hackers stole $625 million worth of cryptocurrency from the game’s Ronin Network. The FBI believes that the North Korean hacking group Lazarus is responsible for the attack. The attack is believed to have been carried out through a fake job offer that gave the hackers access to the game’s systems.

In 2022, Chainalysis reported that cryptocurrency-related heists have surged with $1.9 billion stolen from decentralized finance (DeFi) protocols in the first seven months of the year, according to Chainalysis.


This article is published on BitPinas: Report: North Korea’s Lazarus Group Behind $55M CoinEx Hack


  • Before investing in any cryptocurrency, it is essential that you carry out your own due diligence and seek appropriate professional advice about your specific position before making any financial decisions.
  • BitPinas provides content for informational purposes only and does not constitute investment advice. Your actions are solely your own responsibility. This website is not responsible for any losses you may incur, nor will it claim attribution for your gains.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.