CoinEx hot wallet private keys compromised, resulting in $70M drained across multiple blockchains.
Attackers obtained private keys for CoinEx's hot wallets across Ethereum, Tron, Polygon, and Bitcoin networks. Funds were systematically drained across all four networks. Blockchain analysts (SlowMist) attributed the attack to North Korea's Lazarus Group based on fund flow patterns matching previous Lazarus operations.
Stolen funds moved through multiple intermediary addresses before converging at mixers. ETH portion routed via Tornado Cash. Tron assets moved through multiple hops. Bitcoin sent through ChipMixer before it was seized. Lazarus Group's trademark fund consolidation pattern visible on-chain.
0xd4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e