A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo Acquire Licensing Rights
LONDON, Sept 15 (Reuters) – Blockchain researchers say North Korea-linked hackers are likely behind a $70 million theft from crypto exchange CoinEx.
CoinEx, which says it is based in Hong Kong, said on Tuesday on social media platform X, formerly known as Twitter, that wallets used to store the exchange's crypto assets had been hacked. It said on Friday it estimates its losses at $70 million, which it said is a "small portion" of its total assets.
Blockchain research firm Elliptic said that "a number of factors" indicate that the Lazarus Group – a hacker group associated with North Korea – was responsible for the attack.
CoinEx has not said who it believes was behind the attack, although it has told Reuters it is aware that some security firms have claimed cyber-espionage teams linked to North Korea were to blame.
"The hacker's identity remains under investigation," CoinEx told Reuters via email early on Friday. CoinEx did not respond to a Reuters comment request sent via email later on Friday, outside of Hong Kong hours, about Elliptic's research, which was published in a blog post.
Elliptic said that some of the funds stolen from CoinEx were sent to a crypto wallet address which had previously been used by the Lazarus Group to launder stolen funds. The funds were also sent to the Ethereum blockchain using a blockchain "bridge" – a way of transferring funds between different blockchains – which had also previously been used by the Lazarus Group.
North Korea's mission to the United Nations in New York did not respond to a Reuters comment request sent via email.
Another blockchain research firm, Chainalysis, told Reuters on Thursday it had "medium-high confidence" that North Korea was behind the attack.
Elliptic said the Lazarus Group "appears to have recently ramped up its operations", stealing around $240 million worth of crypto assets in four separate attacks since the beginning of June, in addition to the CoinEx attack.
North Korea stepped up its cryptocurrency theft last year, using sophisticated techniques to steal more in 2022 than any other year, according to a United Nations report. Sanctions monitors have previously accused North Korea of using cyberattacks to help fund its nuclear and missile programs.
North Korea has previously denied allegations of hacking or other cyberattacks.
Reporting by Elizabeth Howcroft and Raphael Satter, Editing by Louise Heavens
Our Standards: The Thomson Reuters Trust Principles.
Thomson Reuters
Reports on the intersection of finance and technology, including cryptocurrencies, NFTs, virtual worlds and the money driving "Web3".
Thomson Reuters
Reporter covering cybersecurity, surveillance, and disinformation for Reuters. Work has included investigations into state-sponsored espionage, deepfake-driven propaganda, and mercenary hacking.
WhatsApp's top head on Friday denied a Financial Times report that said the Meta Platforms-owned messaging platform was exploring advertisements as it sought to boost revenue.
Reuters, the news and media division of Thomson Reuters, is the world’s largest multimedia news provider, reaching billions of people worldwide every day. Reuters provides business, financial, national and international news to professionals via desktop terminals, the world's media organizations, industry events and directly to consumers.
Build the strongest argument relying on authoritative content, attorney-editor expertise, and industry defining technology.
The most comprehensive solution to manage all your complex and ever-expanding tax and compliance needs.
The industry leader for online information for tax, accounting and finance professionals.
Access unmatched financial data, news and content in a highly-customised workflow experience on desktop, web and mobile.
Browse an unrivalled portfolio of real-time and historical market data and insights from worldwide sources and experts.
Screen for heightened risk individual and entities globally to help uncover hidden risks in business relationships and human networks.
All quotes delayed a minimum of 15 minutes. See here for a complete list of exchanges and delays.
© 2023 Reuters. All rights reserved