At 21:20 UTC+8 on September 12th, CoinEx’s Risk Control System detected anomalous attacks on several hot wallets that store assets for our exchange. Here are the details of the hack, our investigation progress, security measures, our commitment to users, and our future priorities.
Initial findings point to compromised private keys for hot wallets that temporarily store the exchange’s assets to facilitate transactions as the root cause. Specific causes are still under examination.
In response to the hack, our teams have swiftly implemented a series of emergency measures over the last 48 hours:
- Suspended all deposits and withdrawals and implemented an emergency shutdown of the hot wallet server.
- Transferred remaining assets to secure cold storage
- Rebuilt and deployed new wallet architecture
- Initiated rigorous investigations into the attack, led by the CoinEx wallet team and security team
- Contacted peer exchanges to freeze related assets
Our Founder and CEO Haipo Yang, has also expressed his sincere regrets about the incident to affected users via his personal Twitter account. He has also pledged that the team is working diligently to promptly restore services and reassured that user funds will not be impacted.
Gathering feedback across our communities in 15 languages, we are fully aware that users are concerned about withdrawal service restoration, compensation for stolen assets, and our security plans moving forward. Hence, we would like to address the concerns one by one in order to provide full transparency to our valued users:
Services and Operations
- We aim to finalize wallet upgrades next week, after which withdrawals will gradually resume in phases upon passing stringent security checks. Our team is currently focused on building and deploying an entirely new and robust wallet system to handle activities within the 211 chains and 737 assets.
- As each of our product lines operates independently with its own risk control system, the security incident that happened to CoinEx will not impact the others. Please rest assured in continuing to use CoinEx’s other products and services.
Losses and Compensations
- Total losses from the incident are still being calculated. As of now, estimated losses are approximately $70 million USD. However, this only represents a small portion of our total assets.
- We solemnly pledge to compensate all affected users 100%.
- We are formulating tailored compensation plans on a per-coin basis and will share details once finalized.
Security and Protection
- Currently, we focus on upgrading the wallet architecture, calculating losses, and freezing related suspicious addresses by coordinating with industry partners and peer exchanges.
- Regarding compensation plans for the stolen assets, we are now formulating options. The compensation will be provided per-coin, with details to follow in our official announcements later.
The Road Ahead: Enhanced Security and Industry Collaborations
Moving forward, we will further upgrade our security and risk management systems and set up the CoinEx Risk-Prevention Funds to enhance our preparedness and response capabilities for contingencies. While collaborating with security firms and industry partners, we call on the broader crypto industry to reinforce security cooperation and cultivate a healthy, stable, and sustainable development environment together.
Lastly, we would like to express our sincere gratitude for the community’s support and understanding. For the latest updates, please refer to our official social media channels, community platforms, and website announcements, as we will promptly communicate our progress.