By Elizabeth Howcroft and Raphael Satter
LONDON (Reuters) – Hackers linked to North Korea are likely behind the theft of $70 million from crypto exchange CoinX, blockchain researchers say.
CoinX, which says it is based in Hong Kong, said Tuesday on social media platform X, formerly known as Twitter, that a wallet used to store the exchange’s crypto assets was hacked. was taken. He said Friday that he estimated he would lose $70 million, a “small portion” of his net worth.
Blockchain research firm Elliptic said “multiple factors” indicate that the Lazarus Group – a hacker group linked to North Korea – was responsible for the attack.
CoinX has not said who it believes was behind the attack, although it told Reuters it is aware that some security firms have claimed that cyber-espionage teams linked to North Korea were to blame. Was ordained.
“An investigation into the identity of the hacker is ongoing,” CoinX told Reuters via email on Friday morning. CoinX did not respond to a Reuters comment request sent via email outside Hong Kong time on Friday about Elliptic’s research, which was published in a blog post.
Elliptic said some of the funds stolen from CoinX were sent to a crypto wallet address that had previously been used by Lazarus Group to launder stolen funds. Funds were also sent to the Ethereum blockchain using a blockchain “bridge” – a way to transfer funds between different blockchains – which was also previously used by Lazarus Group.
North Korea’s mission to the United Nations in New York did not respond to a Reuters comment request sent via email.
Chainalysis, another blockchain research firm, told Reuters on Thursday it had “medium-high confidence” that North Korea was behind the attack.
Elliptic said Lazarus Group has “recently ramped up its operations,” stealing approximately $240 million worth of crypto assets in four separate attacks since the beginning of June, in addition to the Coinex attack.
North Korea stepped up its cryptocurrency thefts last year, according to a UN report, and used sophisticated techniques to steal more in 2022 than any other year. Sanctions monitors have previously accused North Korea of using cyberattacks to finance its nuclear and missile programs.
North Korea has previously denied allegations of hacking or other cyberattacks.
(Reporting by Elizabeth Howcroft and Raphael Satter; Editing by Louise Heavens)