CoinEx, the Hong Kong exchange, has announced that it will resume its deposit and withdrawal services for several cryptocurrencies on 21 September. These include Bitcoin, Ethereum, USDT, and USDC.
This decision comes in the aftermath of a $70million hack. The exchange also confirmed that customers who lost funds due to the breach will receive full compensation.
CoinEx’s breach was attributed to North Korea’s notorious Lazarus Group by various blockchain security firms. It was identified that the same wallet address used in this hack was previously involved in the Stake and Optimism breaches last month.
New withdrawal and deposit addresses for CoinEx users
To enhance security, CoinEx has taken steps to upgrade its customers’ deposit addresses for nine digital assets, including Bitcoin and Ethereum. These new addresses will be operational from 21 September.
CoinEx stressed in its blog post: “Please DO NOT use any old deposit addresses you may have saved – The old addresses will NO LONGER work and assets sent to them will be permanently lost.”
Details of the $70m CoinEx hack
Soon after the exchange was exploited, CoinEx suspended its withdrawal service to minimise further damage.
An initial investigation found the primary cause was a compromised private key linked to the exchange’s hot wallets.
The exchange has since acted by addressing the system vulnerabilities and moving the remaining assets away from the affected wallets. It also paused withdrawals and deposits on the platform for various cryptocurrencies.
Now set to restore these services, the exchange said: “Given the anticipated increase in withdrawal requests in the upcoming days, there might be some delays in processing. As we ascertain system stability, we’ll progressively reintroduce more assets to our deposit & withdrawal services.”
Despite the substantial $70m stolen, CoinEx has reassured its customers, emphasising that this amount is but a small fraction of its total managed assets. All affected users will be compensated in full for their losses.
CoinEx’s bug bounty
CoinEx reached out to the hackers in an open letter published on 15 September. It acknowledged the security breach as a wake-up call on the significance of robust platform security.
The letter emphasised the impact of the hack on its vast user base.
It said: “We hope you recognize the impact of this event on each one of those users. We would appreciate it if you understand the concerns and frustrations of these affected users. We sincerely invite you to work with us to resolve this issue in a securer, more reasonable, and more user-friendly manner.”
CoinEx has proposed a “bug bounty” as an incentive for the return of the stolen assets. The exchange also expressed a willingness to collaborate with the hackers to bolster their security measures in the future.
Several blockchain security firms, including SlowMist, have attributed the breach to the Lazarus Group. These North Korean hackers have also been blamed for other large scale crypto hacks, including the Ronin bridge exploit and the attack on Harmony’s horizon bridge.
Meanwhile, CoinEx has said that it is still investigating the attack and identity of those behind it.
The crypto exchange posted on social media app X: “We deeply appreciate the trust our users have placed in CoinEx during this time and we at CoinEx are dedicated to continually refining our services to uphold that trust.”