CoinEx, which says it is based in Hong Kong, said on Tuesday on social media platform X, formerly known as Twitter, that wallets used to store the exchange's crypto assets had been hacked. It said on Friday it estimates its losses at $70 million, which it said is a "small portion" of its total assets.
CoinEx has not said who it believes was behind the attack, although it has told Reuters it is aware that some security firms have claimed cyber-espionage teams linked to North Korea were to blame. Elliptic said that some of the funds stolen from CoinEx were sent to a crypto wallet address which had previously been used by the Lazarus Group to launder stolen funds. The funds were also sent to the Ethereum blockchain using a blockchain "bridge" - a way of transferring funds between different blockchains - which had also previously been used by the Lazarus Group.
Another blockchain research firm, Chainalysis, told Reuters on Thursday it had "medium-high confidence" that North Korea was behind the attack.