Odaily Planet Daily News During the analysis process, Slow Mist found that CoinEx hackers may be the North Korean hacker group Lazarus Group. The specific connections are as follows:
1. The known Alphapo Exploiter (TDrs...WVjr) uses TransitSwap to exchange TRX for ETH and cross-chain to the address (0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d), so the address is also marked as Alphapo Exploiter on the ETH chain;
2. The hacker address 0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d is marked as Alphapo Exploiter on the ETH chain and as Stake.com Exploiter on the BSC chain, which means this address is a shared address;
3. 0x75497999432B8701330fB68058bd21918C02Ac59 is marked as CoinEx Exploiter on the ARB and OP chains, and as Stake.com Exploiter on the Polygon chain, which means this address is a shared address.
Since Stake.com Exploiter has been linked by the FBI to the North Korean hacker group Lazarus Group, Alphapo Exploiter, Stake.com Exploiter and CoinEx Exploiter may all be members of the North Korean hacker group Lazarus Group.