Lazarus Group, the hacker group believed to be sponsored by the North Korean government, is allegedly responsible for attacking CoinEx, a crypto exchange, according to blockchain security experts SlowMist and on-chain sleuth ZachXBT.
Wallets involved in draining funds from CoinEx on Sep. 12 also participated in stealing $41 million from Stake.com, the crypto casino. Attackers siphoned millions in digital assets from the operators’ hot wallets in both cases.
The Federal Bureau of Investigation (FBI) attributed Stake’s exploit to Lazarus, meaning that the same cyber actors most likely targeted the crypto exchange as well. On-chain data also indicates a network of addresses tied to the thefts on CoinEx and Stake dot com.
SlowMist’s report on the matter noted that the Stake exploiter and the Alphapo hacker share an address, both believed to be controlled by Lazarus.
The crypto community was alerted to a “security incident” affecting CoinEx’s hot wallets on Tuesday, Sep. 12. Losses were initially estimated at $27.8 million but further analysis highlighted that hackers stole up to $55 million in cryptocurrencies.
Stolen funds from the hack were withdrawn via Bitcoin (BTC), Ethereum (ETH), Tron (TRX), BNB Chain (BNB), Polygon (MATIC), Arbitrum (ARB), and six other blockchains.
Indeed, CoinEx is the latest victim in a wave of attacks besieging crypto operators with Lazarus the prime suspect in several of these incidents.
North Korea’s hackers are the believed perpetrators of exploits on CoinEx, Stake, CoinsPaid, Alphapo, and Atomic Wallet. All five hacks happened in a 102-day window and Lazarus reportedly stole over $270 million in that time.
At this rate, Lazarus could exceed $500 million in criminal proceeds from crypto hacks before 2023 closes. A Chainalysis report previously said the hacker group snatched over $1 billion from digital asset investors and service providers in 2022.