Taking a Closer Look At CoinEx Exploit

4 min read

Learn how CoinEx was exploited across multiple chains, resulting in a $59 million loss.


On September 12, 2023, CoinEx was exploited across nineteen different chains, which resulted in a loss of funds worth over $59 million.

Introduction to CoinEx#

CoinEx is a global, centralized cryptocurrency exchange.

Vulnerability Assessment#

The root cause of the exploit is likely due to the compromise of the private keys.


Step 1:

The initial attack began on the Ethereum Mainnet with the suspicious transfer of 4,950 ETH, worth approximately $8 million.

Step 2:

The stolen assets across these chains include:

​​Ethereum Mainnet: 11,541.022 ETH and 204,315 BKK, worth $18,516,278.17
Tron: 137,127,867 TRX and 12,780,584 KLV, worth $11,115,713
BNB Chain: Over 29,622.05 BNB, worth $6,363,725.77
Ripple: 12,625,364 XRP, worth $6,060,174.72
Solana: 141,541 SOL, worth $2,541,462.41
Bitcoin: 231 BTC, worth $5,987,520
Dagger: 229,291,485 XDAG, worth $1,788,473
Arbitrum One: Over 332 ETH, worth $819,703.11
Stellar: 4,321,978 XLM, worth $519,043.1
Bitcoin Cash: 2,220 BCH, worth $440,492.4
Polygon: 559,908 MATIC, worth $285,385.11
Optimism: assets worth $260,000
Kadena: 2,214,700 KDA, worth $1,129,497
The Open Network: 325,430 TON, worth approximately $566,248
Tomo Chain: 259,494 TOMO, worth approximately $311,392
VeChain: 42,422,648 VET, worth approximately $593,917
LiteCoin: 5,435 LTC, worth approximately $315,230
DogeChain: 16,695,400 DOGE, worth approximately $985,028
Ethereum Classic: 7,434 ETC, worth approximately $108,833

Step 3:

On-chain data reveals that one of the addresses of the exploiter had also performed deposit and withdrawal operations with both Huobi and Binance in 2021. Coincidentally, the same address can also be traced to this post on Twitter.

Step 4:

It was also discovered that the address of the exploiter on the Arbitrum and Optimism chain matched an associated address on the Polygon network, which had been involved in an earlier attack on Stake, resulting in a reported loss of $41 million.

Step 5:

Alphapo was exploited due to the compromise of the private keys, which resulted in a loss of over $23 million worth of funds. The exploiter had swapped assets in TRX for ETH and bridged to this address via TransitSwap.

This exploiter-controlled address on the Ethereum Mainnet is also tagged to the Stake exploiter on the BNB chain. Thus, all of these three exploiters on Alphapo, Stake, and CoinEx could be associated or related in many similar ways.


Approximately four hours after the incident, the team publicly acknowledged the occurrence of the exploit. They stated that their risk control system had detected anomalous withdrawals from several hot wallet addresses used to store their exchange assets.

They assured that the user's assets are secure and untouched and that the affected parties will receive 100% compensation for any loss due to this breach. They also temporarily suspended deposit and withdrawal services for the time being.

They identified and isolated the suspicious wallet addresses linked to the attack on the BTC, Tron, and ETH chains. They also later shared the second and third series of suspicious wallet addresses linked to the hack.


The recent breach that impacted CoinEx across nineteen different blockchain networks underscores the critical necessity for a comprehensive security strategy within the decentralized finance sector. Upon examining the vulnerability, it becomes evident that specific practices could have substantially lessened the associated risks. Nevertheless, the ultimate solution lies in the integration of traditional security measures with innovative approaches such as those offered by Neptune Mutual.

To further minimize the likelihood of similar attacks, it is advisable to employ hardware wallets for the secure offline storage of private keys. The use of multi-signature wallets can introduce an additional layer of security. Additionally, adopting cold storage, which entails keeping private keys on a device disconnected from the internet, is recommended as it reduces susceptibility to phishing-related threats.

Nonetheless, even with the most robust security measures in place, vulnerabilities may still be exploited. This is where Neptune Mutual plays a pivotal role. In the event of security incidents akin to the CoinEx breach, the presence of a dedicated cover pool with Neptune Mutual could have significantly alleviated the ensuing consequences. Neptune Mutual extends coverage to users who experience losses due to smart contract vulnerabilities through its parametric policies.

With Neptune Mutual, users are not required to provide extensive evidence of their losses to claim payouts. Once an incident is confirmed and resolved through our incident resolution system, payouts are expedited, providing immediate relief to affected users.

Furthermore, Neptune Mutual operates across various blockchain networks, including EthereumArbitrum, and the BNB chain. This broad reach ensures that it can serve a diverse range of DeFi users and offer protection against potential vulnerabilities. In uncertain times, Neptune Mutual offers peace of mind to DeFi participants, guaranteeing the safeguarding of their investments.

Reference Source CoinEx