CoinEx hack
About $70M was drained from the Hong Kong-based exchange CoinEx in September 2023 after its hot-wallet private keys were compromised. Researchers (Elliptic, ZachXBT) linked the theft to North Korea's Lazarus Group, partly via wallets shared with the Stake.com hack.
Also known as: CoinEx, CoinEx hack
Summary
On September 12, 2023, CoinEx detected anomalous withdrawals from several hot wallets and ultimately lost an estimated $70 million across BTC, ETH, XRP, TRON, SOL, and other assets. The exchange said the root cause was a compromised hot-wallet private key, that cold storage was unaffected, and that it would compensate users 100%. [1][2]
Attribution
Blockchain investigators linked the theft to North Korea's Lazarus Group: ZachXBT found the attacker reused addresses connected to the earlier $41M Stake.com hack, and Elliptic noted the funds moved through a bridge Lazarus had used before. It was described as Lazarus's fifth major heist in about three months in 2023. [1][2]
Bracketed numbers refer to the numbered sources listed below.
People & entities involved
Sources (2)
See also
- Loci (LOCIcoin)TokensA 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
- Blockchain Terminal (BCT)TokensA 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Crowd Machine (CMCT)Tokens
This page was last updated on Jun 8, 2026. View revision history.