Global cryptocurrency exchange CoinEx recently fell victim to a major security breach that resulted in a loss of at least $29 million. The hackers targeted the firm’s hot wallets, leaving blockchain investigators alarmed by a series of suspicious transactions.
On Tuesday, crypto security platform Cyvers reported the breach and urged CoinEx to immediately suspend all deposits and withdrawals. The attack took place across three different blockchains and involved a wide range of tokens. As a result, the thieves made off with $18.12 million worth of assets on Ethereum, $8.5 million on Tron, and $291,000 on Polygon.
CoinEx pointed out several potential reasons for the breach, such as “access control violations,” “private key leakage,” or the act of “rug pulling.” The possibility of an “insider job” has not been ruled out either. ZachXBT, an on-chain investigator, also contributed to the findings. Additionally, Cyvers revealed that the hacker’s three suspicious addresses wasted no time in exchanging their stolen assets for ETH, with one address already transferring 3365 ETH, equivalent to $5.3 million, to an externally owned address.
CoinEx released a statement acknowledging the security breach. While the exact amount of assets lost remains uncertain, the exchange emphasized that the affected funds only represent a small portion of its total assets. Assuring users of the security of their assets, CoinEx promised full compensation for any losses resulting from the breach. The exchange also pledged to provide a comprehensive report and a detailed timeline of the incident. Furthermore, CoinEx has enlisted the help of an investigative team to thoroughly examine the matter.
The breach at CoinEx raises significant concerns about the security measures in place to protect assets on cryptocurrency exchanges. Despite the exchange’s reassurances, the fact that hackers were able to access the hot wallets and make off with such a substantial amount of funds indicates a potential vulnerability in CoinEx’s infrastructure.
The mention of “access control violations” as a possible cause of the hack highlights the importance of robust access control measures in safeguarding digital assets. Exchanges must implement stringent security protocols to ensure that unauthorized individuals cannot gain access to users’ funds.
Another possible cause cited by CoinEx is “private key leakage.” Private keys are critical in securing cryptocurrencies, as they essentially act as the password to access and control the funds. If indeed the breach occurred due to leaked private keys, it emphasizes the need for exchanges to implement strong encryption and storage mechanisms to protect these keys from falling into the wrong hands.
CoinEx also mentioned “rug pulling” as a potential cause of the breach. Rug pulling refers to a deceptive practice where developers abandon a project after taking investors’ funds. While CoinEx’s mention of this possibility may hint at the involvement of a specific token, it also brings attention to the importance of due diligence when listing new tokens on exchanges.
Though CoinEx mentioned the possibility of an insider job, it is unclear how seriously they consider it. However, the fact that this is a potential cause highlights the importance of proper employee vetting, access controls, and a culture of transparency within cryptocurrency exchanges.
The breach at CoinEx serves as a reminder that the cryptocurrency industry must continually improve its security measures. To maintain the trust of users and investors, exchanges should prioritize transparency, implement robust security protocols, conduct regular security audits, and hold themselves accountable for any breaches that occur. Only by doing so can the industry progress and provide a safe environment for users to trade and store their digital assets.