On September 12 at 16:20, CoinEx's risk control system detected abnormal attacks on various hot wallets that store assets for our exchange. In this article, we talk about the details of the hacking attack, our investigation process, security measures, our commitment to users and our future priorities.
Initial findings point to compromised private keys to hot wallets, which temporarily store the exchange's assets to facilitate transactions, as the root cause. The exact causes are still being investigated. In response to the attack, our teams quickly took a number of emergency measures over the last 48 hours:
1. All deposits and withdrawals have been suspended and the hot wallet server has been shut down immediately. 2. Remaining assets were transferred to secure cold storage. 3. The new wallet system has been recreated and put into operation. 4. Meticulous investigations into the attack were launched under the leadership of the CoinEx wallet team and security team. 5. Other exchanges were contacted to freeze the relevant assets.
Our founder and CEO, Haipo Yang, also expressed his sincere regret for the incident to the affected users on his personal Twitter account. He also promised that the team will continue to work diligently to restart services immediately and assured that user funds will not be affected.
By collecting feedback from our communities in 15 languages, we are fully aware that our users are concerned about reactivating the withdrawal service, compensating for stolen assets, and advancing our security plans. Therefore, in order to provide full transparency to our valued users, we would like to address concerns one by one:
Services and Operations
We aim to complete the wallet upgrades next week, after which withdrawals will be gradually reintroduced in a phased manner after passing stringent security checks. Our team is currently focused on building and deploying an entirely new, robust wallet system to manage activity across 211 chains and 737 assets.
Since each of our product lines operates independently with its own risk control system, the security incident that happened to CoinEx will not affect the others. Please rest assured that you can continue to use CoinEx's other products and services.
Losses and Compensations
Total losses from the incident are still being calculated. As of now, estimated losses are approximately US$70 million. However, this represents only a small portion of our total assets.
We solemnly undertake to provide 100% compensation to all affected users.
We are preparing special payment plans per coin and will share the exact details later.
Security and Protection
We are currently focusing on upgrading the wallet system, calculating losses, and freezing relevant suspicious addresses by coordinating with industry partners and peer exchanges.
We are currently developing options regarding compensation plans for stolen assets. Compensation will be provided per coin and details will be included in our official announcements later.
The Road Ahead: Enhanced Security and Industry Collaborations
Going forward, we will further enhance our security and risk management systems and establish the CoinEx Security Fund to improve our preparedness and response capabilities against contingencies. While collaborating with security firms and industry partners, we call on the broader crypto industry to strengthen security cooperation and develop a healthy, stable and sustainable development environment together.
Finally, we would like to express our sincere gratitude for the support and understanding of the community. Please check out our official social media accounts, community platforms and website announcements for the latest updates. We will continue to provide immediate information about the process.