On September 12, 2023, Coinex was hacked, losing an estimated $54 million after hackers removed significant amounts of BTC, ETH, TRX, and other tokens. Three days later, Coinex released an open letter to the hackers, hoping to “build a sincere and open channel of communication.”
Hacked but Hopeful: Coinex’s Pursuit of a Constructive Resolution
Founded in 2017 by Viabtc founder Haipo Yang, Coinex addressed the hackers responsible for the theft of $54 million in various cryptocurrencies. The exchange emphasized its mission to make “the world a better place through blockchain.” Coinex believes the hacker might “share similar aspirations.” The exchange seeks to initiate dialogue with the attackers, noting that a significant bug bounty would be awarded if the funds are returned.
“We sincerely invite you to work with us to resolve this issue in a securer, more reasonable, and more user-friendly manner,” Coinex said. “We encourage you to communicate and negotiate with us actively on the blockchain or through our official email address. If you are willing to return the stolen assets, we will offer you a generous bug bounty as a reward,” the exchange added.
Coinex’s outreach for reimbursement isn’t unprecedented in the industry. Numerous projects, after experiencing breaches, have tried to communicate directly with the assailant. Sometimes, this approach succeeds, and the attacker is then labeled a “White Hat” hacker, returning the stolen assets in exchange for a bounty. Coinex’s letter also highlighted that the action harms its users’ trust. The Hong Kong-based exchange emphasized that such a hack is a grave crime, stating:
Stealing a significant fortune through cyberattacks is considered a ‘severe criminal act’ in any country, and legal responsibilities cannot be evaded.
Recovering the funds might be unlikely if the hackers are linked to the North Korean hacking group Lazarus Group. Lazarus Group was allegedly involved when funds were directed to an address previously used in the Stake.com breach. The group, believed to be affiliated with the Democratic People’s Republic of Korea (DPRK) government, has no known instances of returning stolen assets.
What do you think about Coinex publishing an open letter to the hacker? Share your thoughts and opinions about this subject in the comments section below.