CoinEx Hackers Potentially Linked To Lazarus Group: Insights From SlowMist
Key Points:
- SlowMist’s analysis suggests that the hackers behind the CoinEx breach may be linked to the North Korean Lazarus Group, based on shared addresses and connections with previous exploits.
- The potential involvement of Lazarus Group raises concerns about the security of cryptocurrency platforms and highlights the need for enhanced cybersecurity measures in the crypto industry.
The CoinEx hackers could be members of the North Korean cyber group Lazarus Group, which has been linked to prior attacks.
A recent SlowMist analysis suggests that the hackers responsible for the CoinEx breach may be affiliated with the notorious North Korean hacker group Lazarus Group. The connections it identified between the hackers and previous cyberattacks have raised concerns about the group’s involvement in this incident.
The investigation reveals several key associations:
- Alphapo Exploiter Connection: SlowMist’s analysis identified the use of TransitSwap to exchange TRX for ETH by a known Alphapo Exploiter (with the address TDrs…WVjr). This address then made a cross-chain transfer to 0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d, which is marked as Alphapo Exploiter on the Ethereum (ETH) chain.
- Shared Address: The address 0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d is labeled as Alphapo Exploiter on the ETH chain and as Stake.com Exploiter on the Binance Smart Chain (BSC). This suggests that the address is shared between multiple exploits.
- CoinEx Exploiter Connection: The address 0x75497999432B8701330fB68058bd21918C02Ac59 is marked as CoinEx Exploiter on the ARB and OP chains and as Stake.com Exploiter on the Polygon chain. This implies that this address is also shared between multiple exploits.
Given that Stake.com Exploiter has previously been linked by the FBI to the North Korean hacker group Lazarus Group, the emerging connections among Alphapo Exploiter, Stake.com Exploiter, and CoinEx Exploiter raise the suspicion that all of these exploits may be attributable to Lazarus Group.
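The shared-address reasoning above can be expressed as a small label-clustering check. This is an added example, not SlowMist's tooling: it assumes the two addresses are externally owned accounts (so the same address on different EVM chains is controlled by the same key), and the "Unrelated Example" row is a constructed control record.

```python
from collections import defaultdict

# (chain, address, label) records as stated in the article, plus one control row.
LABELS = [
    ("ETH", "0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d", "Alphapo Exploiter"),
    ("BSC", "0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d", "Stake.com Exploiter"),
    ("ARB", "0x75497999432B8701330fB68058bd21918C02Ac59", "CoinEx Exploiter"),
    ("OP", "0x75497999432B8701330fB68058bd21918C02Ac59", "CoinEx Exploiter"),
    ("Polygon", "0x75497999432B8701330fB68058bd21918C02Ac59", "Stake.com Exploiter"),
    ("ETH", "0x" + "11" * 20, "Unrelated Example"),  # constructed, not from the article
]

def normalize(address):
    """Lowercase an EVM address; mixed case is only an EIP-55 checksum, not identity."""
    addr = address.lower()
    if len(addr) != 42 or not addr.startswith("0x"):
        raise ValueError(f"not an EVM address: {address!r}")
    int(addr[2:], 16)  # raises ValueError on non-hex characters
    return addr

def bridging_addresses(records):
    """Return {address: sorted labels} for addresses carrying more than one label."""
    labels = defaultdict(set)
    for _chain, address, label in records:
        labels[normalize(address)].add(label)
    return {a: sorted(ls) for a, ls in labels.items() if len(ls) > 1}

def cluster_labels(records):
    """Union-find over labels: two labels merge when they share an address."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for _chain, address, label in records:
        parent[find(("label", label))] = find(("addr", normalize(address)))
    clusters = defaultdict(set)
    for kind, name in list(parent):
        if kind == "label":
            clusters[find((kind, name))].add(name)
    return sorted(sorted(c) for c in clusters.values())

if __name__ == "__main__":
    print(bridging_addresses(LABELS))
    print(cluster_labels(LABELS))
```

The three exploiter labels collapse into one cluster only because Stake.com Exploiter appears on both addresses, so the result is only as reliable as the underlying labels.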