OmegaStarScream
Staff
Legendary
Offline
Activity: 3486
Merit: 6144
|
I see the amount but nothing else other than that. Was there more info yesterday, like how much of each assets they have etc? Somehow I can't remmember whether it was there last night when I checked their CMC profile. -snip-
Yes. They had the list of assets as well as the addresses and the amounts on them yesterday. So I just checked some of the addresses from the link you posted, and it looks like they were targeted: https://etherscan.io/address/0x53eb3ea47643e87e8f25dd997a37b3b5260e7336#tokentxnsWe can see here that funds were sent to the hacker's address, and then to what looks like Coinex address that still have funds (50M in Ether, and 20M in tokens) :
|
|
|
|
FatFork
Legendary
Offline
Activity: 1610
Merit: 2590
Top Crypto Casino
|
Perhaps the financial reserves data is automatically retrieved from their hot/cold wallet addresses. Given that many of those wallets have been drained (and Coinex may have made some transactions themselves to safeguard the funds), this could explain why the total has decreased significantly and why there is no longer detailed data showing individual token allocations. You can actually copy the addresses from the website archive and check them in the blockchain explorer. The ones I checked do indeed show the withdrawal of all assets in the last 12 hours.
|
|
|
|
Rikafip (OP)
Legendary
Offline
Activity: 1764
Merit: 5999
|
|
September 13, 2023, 11:30:05 AM |
|
Perhaps the financial reserves data is automatically retrieved from their hot/cold wallet addresses. Given that many of those wallets have been drained (and Coinex may have made some transactions themselves to safeguard the funds), this could explain why the total has decreased significantly and why there is no longer detailed data showing individual token allocations. Yeah I guess that's the reason for such a dramatic decrease. Anyway, situation doesn't look good at all and I hope that not many people here have money on Coinex. According to @zachxbt, it looks like the same group that recently hit Stake is behind Coinex hack as well (connected addresses). Here is tweet with more info and proof https://twitter.com/zachxbt/status/1701905899034390574?s=20
|
|
|
|
bbc.reporter
Legendary
Offline
Activity: 2940
Merit: 1446
|
|
September 14, 2023, 12:53:23 AM |
|
@Rikafip. It appears your joke on the hack being done by the Lazarus group was really a good prediction hehehe. However the skeptical me asks, is it confirmed that the hackers who hacked stake.com are really done by the Lazarus group? Similar to what you said, anything presently could be blamed on North Korea. I reckon the DOJ also used the Tornado Cash and North Korea storyline to force an executive order. What is their new agenda?
Also, I am very much in doubt that the hackers would accidentally connect their addresses by mistake. This might be intentional.
|
| | . .Duelbits. | │ | ..........UNLEASH.......... THE ULTIMATE GAMING EXPERIENCE | │ | DUELBITS FANTASY SPORTS | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ████████████████▀▀▀ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | . ▬▬ VS ▬▬ | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ███████████████████ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | /// PLAY FOR FREE /// WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
Rikafip (OP)
Legendary
Offline
Activity: 1764
Merit: 5999
|
@Rikafip. It appears your joke on the hack being done by the Lazarus group was really a good prediction hehehe. Well, they usually blame them for these type of hacks so it was pretty much safe guesstimate However the skeptical me asks, is it confirmed that the hackers who hacked stake.com are really done by the Lazarus group? I don't think that is possible to confirm with 100% certainty that they were behind Stake hack. Iirc, "evidence" was more in style that it has elements of classsic Lazarus Group attack or soemthing similar among those lines. Also, I am very much in doubt that the hackers would accidentally connect their addresses by mistake. This might be intentional.
Maybe, mabe not. Even smart/capable people do stupid things sometime.
|
|
|
|
Husires
Legendary
Offline
Activity: 1596
Merit: 1287
|
|
September 14, 2023, 09:05:38 AM |
|
Hm are you sure? In one of their tweets Coinex mentioned this BTC address ( 1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH) as part of the hack and there's currenly 231 BTC there worth almost 6 million dollars.
I searched some articles and they did not mention Bitcoin. I activated notifications on the scammer’s address: https://blockchair.com/bitcoin/address/1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH. I think they will use one of the available mixing services, to see what is the best alternative to CM that these hackers prefer to use. 54 million is not a small and I fear that companies depositing their currencies with Coinex will exploit it by withdrawing all liquidity in the coming days, which may lead to bankruptcy.
|
|
|
|
|
Kavelj22
Legendary
Offline
Activity: 1764
Merit: 1463
🔃EN>>AR Translator🔃
|
|
September 14, 2023, 11:12:04 PM |
|
In the latest update issued by the blockchain analysis company PeckShieldAlert, it is reported that the CoinEx platform has lost the equivalent of $43 million, which is the total assets on different network chains. https://twitter.com/PeckShieldAlert/status/1701731944340562107Referring to the latest updates from the CoinEx platform, this number of losses was not announced, but rather it was announced that only the equivalent of $31 million was lost and that the addresses used by the hacker were identified. The platform confirms that all those affected will be compensated and that the hack was only able to acquire a small portion of the total assets on the platform’s hot wallets. Currently, all deposits and withdrawals have been suspended until it will be announced, and this in itself is considered a loss for users who have lost access to their savings, and they will certainly not be compensated due to the disruption. It is a new opportunity to remind once again that one of the most dangerous steps is using platforms for long-term storage of a large value of assets.
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO FUTURES | | | | | | | │ | 1,000x LEVERAGE | │ | COMPETITIVE FEES | │ | INSTANT EXECUTION | │ | . TRADE NOW |
|
|
|
PX-Z
|
|
September 14, 2023, 11:44:55 PM |
|
The platform confirms that all those affected will be compensated and that the hack was only able to acquire a small portion of the total assets on the platform’s hot wallets.
Good thing if it's the case, or it's just a cover up story to let its users not to panic, but let's hope it's the other way around. According to the statement, the cause of the incident was the leakage of the hot wallet private key, and the assets in CoinEx cold wallet have not been affected.
Can someone tell me if these "hot wallet private keys" are just saved on their platform's server, i mean on their hosting servers for them to control the withdrawal on their user's daily withdrawal, then just replenish the addresses if it lacks balance on it. Because if its the case then it'a easy much easier for hacker to compromised such thing.
|
|
|
|
FatFork
Legendary
Offline
Activity: 1610
Merit: 2590
Top Crypto Casino
|
|
September 15, 2023, 08:29:28 AM |
|
According to the statement, the cause of the incident was the leakage of the hot wallet private key, and the assets in CoinEx cold wallet have not been affected.
Can someone tell me if these "hot wallet private keys" are just saved on their platform's server, i mean on their hosting servers for them to control the withdrawal on their user's daily withdrawal, then just replenish the addresses if it lacks balance on it. Because if its the case then it'a easy much easier for hacker to compromised such thing. There's not much to say here. Obviously, if they wanted automatic withdrawals from the platform, they'd need to store the private keys for transaction authorization somewhere. We don't know how they kept these keys secure or who could access them. The leak might have been due to hacking or simply an inside job.
|
|
|
|
stompix
Legendary
Offline
Activity: 2898
Merit: 6350
Blackjack.fun
|
|
September 15, 2023, 09:11:54 AM |
|
The exchange just issued an official statement about the matter[1]. According to them this is just a small "amount" of what their reserves have, and affected users will be compensated. Am I the only one who finds this a bit hard to believe?
One of the Tweets mentions: We assure all users: your assets are secure and untouched. When you come up with this kind of bs after 40 million in coins definitely leaving your wallets it's pretty hard for anyone to take them seriously on this matter. No, the assets are not secure and are not untouched, as we speak they are getting touched by thousands of people in some swaps. I do kind of feel bad for Coinex being a relative old guard exchange but with the amount of shitcoins it listed it never managed to ure me into creating an account. And here comes the usual stuff, united we stand, we will overcome, we need more time to investigate, c ya! https://twitter.com/coinexcom/status/1702563038296154415
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
Husires
Legendary
Offline
Activity: 1596
Merit: 1287
|
|
September 15, 2023, 09:45:17 AM |
|
Can someone tell me if these "hot wallet private keys" are just saved on their platform's server, i mean on their hosting servers for them to control the withdrawal on their user's daily withdrawal, then just replenish the addresses if it lacks balance on it. Because if its the case then it'a easy much easier for hacker to compromised such thing.
The deposits and withdrawals system usually has a separate server where the private keys are placed here. From there, the main system sends it a list of addresses for the amount to be withdrawn, and the deposits and withdrawals system carries out that, ensuring that there is a sufficient balance for withdrawals, and transferring any excess balance to cold storage. Hackers can steal money in two ways: either by accessing the servers of the deposits and withdrawals system, that is, accessing the private keys and withdrawing currencies, or by manipulating the basic system so that the deposits and withdrawals system sends a withdrawal order for a specific amount to the hackers’ address. I do not know how the hack occurred, if it was to the system of deposits and withdrawals, then in most cases after restoring the system, users will be asked to stop using the old addresses, but if it is in the basic system, then in most cases users will not be asked.
|
|
|
|
|
Z-tight
|
|
September 15, 2023, 01:26:26 PM |
|
We solemnly pledge to compensate all affected users 100%. This is what CoinEx is saying, is it possible for them to lose over $70m and still compensate every user who lost funds 100%, or is this just 'good' PR so those who are affected would remain calm, i find this 100% compensation thingy very hard to believe.
CoinEx is not a big exchange, so i don't believe that a $70m loss is: a small portion of our total assets We'll see what they plan on doing in the coming months and if they are true to their words. Are people who still leave their funds in exchanges seeing these recent events: https://remitano.com/forum/ng/134684-latest-updates-on-recent-security-incident-on-remitano
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
Rikafip (OP)
Legendary
Offline
Activity: 1764
Merit: 5999
|
|
September 15, 2023, 04:09:33 PM |
|
- 70M $ in assets has been lost.
Time to update the guess title I guess. This is what CoinEx is saying, is it possible for them to lose over $70m and still compensate every user who lost funds 100%, or is this just 'good' PR so those who are affected would remain calm, i find this 100% compensation thingy very hard to believe. It remains to be seen, but considering the fact that amount lost is almost the 3x bigger than their daily trading volume, I would be very surprised if everyone gets their money out fast. Fingers crossed though. It doesn't matter. Even if what hapepned to FTX happens to Binance/Coinbase, people would still store their money on centralized exchanges. Barely anyone (including those that lost money there) learned any lesson from Mt.Gox fiasco so why would now be any different?
|
|
|
|
Kavelj22
Legendary
Offline
Activity: 1764
Merit: 1463
🔃EN>>AR Translator🔃
|
We solemnly pledge to compensate all affected users 100%. This is what CoinEx is saying, is it possible for them to lose over $70m and still compensate every user who lost funds 100%, or is this just 'good' PR so those who are affected would remain calm, i find this 100% compensation thingy very hard to believe.
CoinEx is not a big exchange, so i don't believe that a $70m loss is: a small portion of our total assets We'll see what they plan on doing in the coming months and if they are true to their words. These amounts can be considered huge compared to the market value of the platform and its daily trading volume. The platform is not popular compared to its competitors, Binance, Coinbase, and others. Therefore, their success in securing users’ lost deposits will strengthen their position in the market. This can easily be referred to as an “inside work” hypothesis, especially since it will not be possible to prove otherwise if the identity of the hacker is not known, or at least the method through which the hacking occurred. I have been following the updates since yesterday, and there is no talk about ongoing investigations or possible hypotheses about how the hackers were able to access the private keys of the platform’s hot wallet, or about ways to track the stolen funds after the addresses to which they were sent were identified.
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO FUTURES | | | | | | | │ | 1,000x LEVERAGE | │ | COMPETITIVE FEES | │ | INSTANT EXECUTION | │ | . TRADE NOW |
|
|
|
Rikafip (OP)
Legendary
Offline
Activity: 1764
Merit: 5999
|
This can easily be referred to as an “inside work” hypothesis, especially since it will not be possible to prove otherwise if the identity of the hacker is not known, or at least the method through which the hacking occurred. I don't think that "inside job" is a valid theory in this case if what they are saying is true, that hackers used address connected with the recent Stake hack. I have been following the updates since yesterday, and there is no talk about ongoing investigations or possible hypotheses about how the hackers were able to access the private keys of the platform’s hot wallet, or about ways to track the stolen funds after the addresses to which they were sent were identified.
The only ones who can give answers to that are Coinex people and since it happened only few days ago, it will take some time before we get an official explanation what exactly happened there. Then again, this official explanation might be a bullshit story too in order for them to look good. In the end, how hack happened is not as important as a lesson I hope some people learned, not to store their coines on centralized exchange.
|
|
|
|
|
DaveF
Legendary
Offline
Activity: 3486
Merit: 6304
Crypto Swap Exchange
|
|
September 20, 2023, 01:49:54 PM |
|
Poking around a bit and talking out my A$$ but I don't think the wallets were actually compromised but the back end that talked to the wallets. More like the withdrawal server was compromised. There were other tokens and things associated with a few of those addresses that were not moved until coinex moved them hours later.
Could be I'm missing something obvious, but if they had access to the wallet server(s) and the private keys everything in those addresses would be gone. IMO.
So their 'preliminarily determined that the cause of the incident was the leakage of the hot wallet private key' is either wrong OR the people who took the money were incompetent OR as I said, I am missing something.
-Dave
|
|
|
|
BitMaxz
Legendary
Offline
Activity: 3262
Merit: 2974
Block halving is coming.
|
Some good news for those who have their funds stuck[1], you should be able to withdraw your funds starting tomorrow (21th September, 8:00 UTC). Make sure to not use any of your previous deposit addresses if you're planning to continue to use the exchange, because they won't be credited to your account.
I confirmed that the deposit and withdrawal are resumed but only 190 Crypto can able to withdraw according to the Coinex support on telegram and they will gradually resume deposit and withdrawal for 500+ cryptos within 5 working days. To those who deposited last week that weren't credited to their account, you should submit a request to Coinex support including the screenshot of the transaction from the wallet and the transaction ID. Here's the link where you can request below and then issue type "Deposit not credited" - https://support.coinex.com/hc/requests/new
|
|
|
|
|