Blockchain researchers say North Korea-linked hackers may be responsible for the theft of $70 million from crypto exchange CoinEx.
CoinEx, which claims to be based in Hong Kong, announced on Tuesday 12 September on social media platform X that wallets used to store exchange crypto assets had been hacked. On Friday, September 16, CoinEx estimated their loss of $70 million, which they refer to as "a small fraction" of their total assets.
Research firm blockchain Elliptic said that "a number of factors" suggest that the Lazarus group - a hacker group linked to North Korea - was responsible for the attack.
CoinEx has not disclosed who they believe to be the perpetrators of the attack, although they told Reuters they knew several security companies had claimed North Korea's cyber team as the perpetrators.
"The identity of hackers is still under investigation," CoinEx told Reuters by email on Friday.
Elliptic said that part of the stolen funds from CoinEx were sent to the crypto wallet address previously used by the Lazarus group to launder stolen funds. Funds were also sent to the Ethereum network using a blockchain "bridge" - how to transfer funds between various blockchains - which the Lazarus group had also previously used.
SEE ALSO:
North Korea's mission to the United Nations in New York did not respond to requests for media comment.
Another blockchain research firm, Chainalysis, told Reuters on Thursday it had "moderate-high confidence" that North Korea was behind the attack.
Elliptic said the Lazarus group "appears to have recently stepped up its operations", stealing about $240 million in crypto assets in four separate attacks since early June, apart from CoinEx attacks.
North Korea stepped up its cryptocurrency theft last year, using advanced techniques to steal more in 2022 than the previous year, according to a United Nations report. Previous sanctions monitors have accused North Korea of using cyberattacks to fund its nuclear and missile programs.
North Korea has previously denied allegations of hacking or other cyberattacks.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)