How much was lost in the CoinEx hack?

The CoinEx hack resulted in $55.0M in losses on September 12, 2023.

What attack technique was used in the CoinEx exploit?

The CoinEx exploit utilized Private Key Compromised (Unknown Method) / Access Control. Understanding this attack vector is critical for smart contract auditors and developers building secure DeFi protocols.

How can developers prevent similar smart contract attacks?

Preventing smart contract hacks requires a combination of secure coding practices, thorough security audits, and understanding common attack vectors like reentrancy, oracle manipulation, and access control flaws. Smart Contract Hacking (SCH) provides hands-on training to help developers and auditors identify and prevent vulnerabilities before deployment.

CoinEx Hack

TOTAL LOST $55.0M

High #118 All-Time Sep 12, 2023 Private Key Compromised (Unknown Method) / Access Control arbitrum bitcoin bitcoincash bsc dagger ethereum kadena polygon solana stellar tron xrp

Affected Chain arbitrum 12 chains affected

Recovered - No recovery reported

All-Time Rank #118 By amount stolen

Protocol Type CEX Target category

Incident Overview

Quick Summary

CoinEx's hot wallets were exploited via private key compromise, resulting in a massive loss of 52,847,077 USD across 9 chains.

Details of the Exploit

The CoinEx crypto trading platform experienced a significant exploit on Sep 12, 2023, in which attackers compromised the private keys of their hot wallets. The attackers managed to steal funds across 9 different chains, transferring them to their own addresses. As of Sep 13, 2023, the stolen funds remain in the attacker's addresses.

Chain specific losses:

- Ethereum

- 18,324,848 USD worth 11,377.3 ETH

- Binance Smart Chain

- 6,286,018 USD worth 29,552.05 BNB

- Polygon

- 288,072 USD worth 559,908 MATIC

- Tron

- 11,119,353 USD worth 137,127,867 TRX

- Solana

- 2,496,432 USD worth 135,602 SOL

- Bitcoin

- 6,082,389 USD worth 231 BTC

- Bitcoin Cash

- 447,574 USD worth 2200 BCH

- Ripple

- 6,113,201 USD worth 12,625,364 XRP

- XDAG

- 1,689,190 USD worth 229,291,486.34 XDAG

Block Data Reference

Ethereum:

Attackers:

https://etherscan.io/address/0xCC1AE485…cCE454

https://etherscan.io/address/0x8bf8cd7F…8cC3dE

https://etherscan.io/address/0x483D8827…EFf584

Funds Holders as of Sep 13, 2023:

https://etherscan.io/address/0x2118e443…4DB297

https://etherscan.io/address/0x40cBe758…F7E37E

https://etherscan.io/address/0x1A61Df13…195f62

Funds Draining Transactions:

https://etherscan.io/tx/0x741b7071…fd5af5

https://etherscan.io/tx/0x9e8d4d98…230eaa

https://etherscan.io/tx/0x8d19b103…abddb0

Binance Smart Chain:

Attacker:

https://bscscan.com/address/0x6953704e…258A20

Funds Holders as of Sep 13, 2023:

https://bscscan.com/address/0xC844F717…2b984F

Funds Drain Transaction:

https://bscscan.com/tx/0x3be3502b…fd480d

Polygon:

Attacker:

https://polygonscan.com/address/0x4515bE00…9B95e9

Funds Holder:

https://polygonscan.com/address/0xD4342E02…CDBE2e

Funds Draining Transaction:

https://polygonscan.com/tx/0x0cce3401…6a9a7d

Tron:

Attacker:

https://tronscan.org/#/address/TPFUjxQzG88Vwynrpj2W61ZAkQ9W2QYgAQ

Funds Holder:

https://tronscan.org/#/address/TP75t6owoqXxskLq6FB2R37PymNTmohq9L

Funds Draining Transaction:

https://tronscan.org/#/transaction/07e5045c5b324c3a82b9fd71df6e182d90d7ab2c847300e328d15b38a57107c8

Solana:

Attacker:

https://solscan.io/address/G3udanrxk8stVe8Se2zXmJ3QwU8GSFJMn28mTfn8t1kq

Funds Draining Transaction:

https://solscan.io/tx/3zaFcH36bE8vnbFqLgHkMyqm59qttxp7X37aGtict3jDjLtdU125Mgphac7uCCbr1NT3E3momiYBjdraHCCs5Zmr

Bitcoin:

Attacker:

https://www.blockchain.com/btc/address/1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH

Funds Draining Transaction:

https://www.blockchain.com/btc/tx/e7484e5a559c7141813db5f27f22340265d695d6d75e9cf08f6937981134b7d0

Bitcoin Cash:

Attacker:

https://www.blockchain.com/bch/address/qrgxyhj8rzl4l7fgauu6q6vtu2grct4jeyrnaq2s75

Funds Transfer Transaction:

https://www.blockchain.com/bch/tx/f492ff6b9720a50a8422e154b26dd0f44325490dd0648584030bc1b0357d3e1f

Ripple:

Attacker:

https://xrpscan.com/account/rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf

Funds Transfer Transaction:

https://xrpscan.com/tx/E6E00EC1F49E335FE698ED9CCBC97BAC8F8BE01DB5FA87CF39C7CF9471856C3B

XDAG:

Attacker:

https://explorer.xdag.io/block/15VY3MadZvLpXhjzFXwCUmtZcHszju6L9

Funds Transfer Transaction:

https://explorer.xdag.io/block/9b502a255e8be26d01c89203a2ddb1168d34d34eb5b25b26d4c26c5b3f69e962

This is classified as a Access Control Attacks . Compare similar hacks →

Incident Report

Protocol / Project CoinEx

Date of Incident September 12, 2023

Affected Chain(s) arbitrum bitcoin bitcoincash bsc dagger ethereum kadena polygon solana stellar tron xrp

Attack Technique Private Key Compromised (Unknown Method) / Access Control

Classification Infrastructure / Other

Primary Source View Post-Mortem

Protocol Information

Protocol Type CEX

Official Website www.coinex.com/en/

Protocol Twitter/X @coinexcom?s=20

Team Anonymous

Source Code Unverified

Market Context at Time of Hack

Token Categories

Medium of Exchange BNB Chain Ecosystem

Protocol Links

GitHub Telegram

What the Attacker Needed to Succeed

Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.

Technical Knowledge Operational-security tradecraft (phishing, malware, leaked seed phrases, or insider access) to obtain treasury signing authority

Capital Required Minimal capital - only enough to cover Solana network fees while draining the compromised accounts

On-Chain Access Valid signing authority over the compromised stake accounts and treasury wallets, allowing direct transfer of funds or stake authorization

Target Reconnaissance Identification of CoinEx's high-value treasury accounts and the authority / multisig structure controlling them

Execution Speed Speed to drain the compromised accounts before the team detects the breach and revokes signing authority or freezes the assets

Obfuscation Plan A strategy to launder and move stolen funds - typically through mixers, cross-chain bridges, or decentralized DEX swaps to resist tracing

What Auditors Should Check

Could this have been caught in audit? Hard to catch — private key / OpSec failures are outside smart contract audit scope

If you're auditing a protocol with similar architecture to CoinEx, these are the critical security checks that could have prevented this incident (September 2023).

Verify all logic paths related to Private Key Compromised (Unknown Method) / Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs

Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.

Free Trial

Related Attack Classes

The technique used in this hack maps to these vulnerability classes in our security curriculum:

See all Access Control Attacks examples →

Access Control Attacks

Sources & References

01
Source 1 https://www.coindesk.com/tech/2023/09/13/north-korean-attackers-…
02
Web Archive https://archive.ph/S2eeS
03
Reference https://twitter.com/DeDotFiSecurity/status/1701616752323383593

Threat Assessment

Severity Level

HIGH

Attack Vector Private Key Compromised (Unknown Method) / Access Control
Root Cause Infrastructure / Other
Year 2023

Learn to Prevent the Next CoinEx

The CoinEx hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.

Start Free Trial Browse Attack Library

Incident Overview

Incident Report

Protocol Information

Market Context at Time of Hack

What the Attacker Needed to Succeed

What Auditors Should Check

Related Attack Classes

Sources & References

Related Hacks - Private Key Compromised (Unknown Method) / Access Control

Learn to Prevent the Next CoinEx