Behind $70 Million Crypto Theft, Suspected North Korea-Linked Hackers

In a significant cybersecurity development, blockchain analysts and researchers suspect that North Korea-linked hackers are behind a massive $70 million theft from the crypto exchange CoinEx. This article delves into the details of the incident, the potential involvement of the Lazarus Group, and the broader implications of this cyberattack.

Cryptocurrency exchanges have become prime targets for cybercriminals. And the recent $70 million theft from CoinEx has raised suspicions of North Korean involvement. CoinEx, based in Hong Kong, reported the hack on social media platform X (formerly Twitter), leading to a thorough investigation by blockchain research firms and experts.

The CoinEx Hack

CoinEx revealed the security breach involving the theft of crypto assets from its wallets. While the exchange did not initially disclose the extent of the losses, it later estimated the damages at $70 million. While this represents a significant loss, CoinEx emphasized that it constitutes only a “small portion” of its total assets.

Suspected Culprit: The Lazarus Group

Blockchain research firm Elliptic has pointed to compelling evidence that the Lazarus Group, a hacker collective associated with North Korea, may be responsible for the attack. While CoinEx has not officially attributed the attack to any specific entity. However, it acknowledged that some security firms have linked the cyber-espionage teams of North Korea to the incident.

Evidence Pointing to Lazarus Group

Elliptic’s research points to several key factors suggesting the involvement of the Lazarus Group:

1. Funds Sent to a Known Wallet

Some of the stolen funds were traced to a crypto wallet address previously associated with the Lazarus Group’s money laundering activities.

2. Use of Blockchain “Bridge”

The hackers used a blockchain “bridge” to transfer the stolen funds to the Ethereum blockchain. Interestingly, this very method had been used by the Lazarus Group in the past.

Corroborating Evidence

Chainalysis, another blockchain research firm, expressed “medium-high confidence” that North Korea was behind the attack, lending further credence to the suspicion. North Korea’s mission to the United Nations in New York did not respond to a Reuters comment request sent via email.

Lazarus Group’s Escalating Activities

Elliptic’s research suggests that the Lazarus Group has significantly increased its operations. And with approximately $240 million in crypto assets stolen in four separate attacks since the beginning of June. The CoinEx breach represents just one of these incidents.

Also Read About: TikTok Fined 345 Million Euros by Watchdog Over How It Processed Children’s Data

North Korea’s Cryptocurrency Theft

This incident is not isolated, as North Korea has been actively involved in cryptocurrency theft. According to a United Nations report, the country escalated its cryptocurrency-related cybercrimes in the previous year, surpassing all previous records. The funds acquired through these illegal activities have been suspected of being used to support North Korea’s nuclear and missile programs.

North Korea’s Denial

It is important to note that North Korea has consistently denied allegations of hacking or other cyberattacks, despite mounting evidence to the contrary.


The suspected involvement of North Korea-linked hackers in the $70 million CoinEx crypto theft highlights the ongoing challenges and threats in the cryptocurrency space. As cybercriminals become increasingly sophisticated, exchanges and users must remain vigilant in protecting their digital assets. Moreover, this incident underscores the need for international cooperation to combat cybercrime. As cryptocurrency thefts can have far-reaching consequences beyond financial losses, impacting global security and stability.

Leave a Comment