Skip to main content
Sign in

CoinEx

avoid.net/coinex32/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:north-korea][src:hot-wallet][src:tradertraitor][src:elliptic][src:sinbad][src:private-key-compromise][src:cross-chain][src:hack][src:compensation][src:multi-chain][src:cefi][src:defillama][src:certik][src:mixer][src:exchange][src:slowmist][src:zachxbt][src:apt38][src:ofac-sanctioned][src:lazarus][src:dprk]
anchored·4oeNVd…mYGr

Summary

CoinEx is a centralized cryptocurrency exchange that suffered a major hot wallet breach on September 12, 2023, with losses estimated between $54 million and $70 million across multiple blockchains. On-chain investigators ZachXBT and Elliptic attributed the attack to the Lazarus Group (TraderTraitor), a North Korean state-sponsored threat actor, based on wallet address overlap with the contemporaneous Stake.com hack. Stolen proceeds were subsequently laundered in part through the Sinbad Bitcoin mixer, which was sanctioned by the U.S. Treasury's OFAC on November 29, 2023.

Connected Entities

1 entities
Tokens
CoinEx
Relationships
    Have evidence about CoinEx?

    Timeline(6 events)

    2023-09-12

    CoinEx hot wallets breached at approximately 21:20 UTC+8; private keys compromised; anomalous outflows detected across Ethereum, TRON, BNB Chain, Bitcoin, and other networks. Deposits and withdrawals suspended globally.

    2023-09-13

    ZachXBT publicly identifies wallet address overlap between CoinEx hacker and Stake.com hacker (attributed to Lazarus Group), suggesting North Korean origin. Elliptic corroborates, noting funds routed through Lazarus-linked bridge infrastructure. Estimated losses revised upward to $54 million after second batch of affected addresses identified.

    2023-09-13

    CoinEx pledges 100% compensation to all affected users; states cold wallets were not targeted and remaining assets have been secured.

    2023-09-15

    The Record and other outlets publish detailed attribution reports linking CoinEx breach to North Korea's Lazarus Group based on Elliptic and ZachXBT blockchain forensics.

    2023-09-21

    CoinEx begins phased resumption of deposit and withdrawal services for select assets after security infrastructure overhaul.

    2023-11-29

    U.S. Treasury OFAC sanctions Sinbad.io Bitcoin mixer, explicitly citing its use in laundering funds stolen from CoinEx and other Lazarus Group hacks. FBI and Dutch and Finnish law enforcement seize the Sinbad.io domain.

    Provenance & Audit Trail
    Anchored on SolanaVerify on-chainsrc:north-koreasrc:hot-walletsrc:tradertraitorsrc:ellipticsrc:sinbadsrc:private-key-compromisesrc:cross-chainsrc:hacksrc:compensationsrc:multi-chainsrc:cefisrc:defillamasrc:certiksrc:mixersrc:exchangesrc:slowmistsrc:zachxbtsrc:apt38src:ofac-sanctionedsrc:lazarussrc:dprk

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet

    generated: 5/4/2026, 2:54:10 AM

    last updated: 5/26/2026, 4:11:11 AM

    avoid.net — verified advice for a post-truth world