Coinex Exchange suffers from a $27M+ Hack - First detected by Cyvers

$27+ Million Stolen from Tron, Polygon, and Ethereum Hot Wallets - Cyvers’ Vigilens Uncovers Ongoing Heist
Coinex Exchange suffers from a $27M+ Hack - First detected by Cyvers


On September 12, 2023, at 02:05:23 PM UTC hackers were able to steal over $27 million from hot wallets on the Tron, Polygon, and Ethereum blockchains in a recent Web3 security incident affecting CoinEx. The breach was first identified by Vigilens, a powerful AI-driven Web3 security tool. This blog post will provide an in-depth analysis of the attack, its potential causes, and the ongoing investigation.

The VigiLens Discovery

Two hours ago, Vigilens flagged suspicious transactions linked to Coinex, a cryptocurrency exchange. The potentially stolen funds amounted to a staggering $18.12 million, with $8.5 million in Ethereum (ETH), $8.5 million in Tron (TRX), and $291,000 in Polygon (MATIC).

The Exploited Wallets

The hackers successfully exploited hot wallets on the Ethereum, Tron, and Polygon blockchains, demonstrating their capability to breach multiple networks.

Attackers addresses

One of the attacker's addresses, holding more than $10M in ETH
One of the attacker's addresses, holding more than $10M in ETH

Potential Causes

Several factors suggest potential causes for this breach, including:

  • Access Control Violations
  • Private Key Leakage
  • Rug Pulling
  • Insider Job

The hackers targeted more than 30 different assets during this attack. For a detailed breakdown of the largest stolen assets, you can refer to this link.

Ongoing Investigation

It's important to note that the situation is still developing. The hackers are currently in the process of swapping stolen tokens. Furthermore, no official statement has been received from the Coinex team.

While it is too early to definitively attribute this attack to a specific group, there are speculations that it could be related to the Lazarus group. However, the fact that the stolen tokens are being swapped to ETH raises questions. Monitoring the flow of swapped funds in the bridging phase, particularly towards Bitcoin (BTC) and the AVAX bridge, will be crucial for further investigation.

Analysis of the Coinex hack fund flows


In the world of cryptocurrencies, the mantra "Not your keys, not your coins" rings truer than ever. The recent breach of, as well as the Coinex breach, underscore the need for robust security measures in the crypto space. As the investigation continues, it is imperative for users and exchanges alike to remain vigilant and prioritize security.

Stay tuned for updates on this evolving situation, as we closely monitor the movement of the stolen assets and await further insights from the Coinex team.

Remember, in the world of cryptocurrencies, caution and security must always be paramount.

Next generation threat prevention

Book a Demo

Next generation blockchain threat prevention

Identify patterns and anomalies across blockchains in real-time for proactive mitigation.

Book a Demo
Next generation blockchain threat prevention- Identifies patterns and anomalies across web3 in real-time for proactive mitigation.