North Korean hacker group Lazarus adds another achievement, causing CoinsPaid to lose $37 million


The cryptocurrency payment provider CoinsPaid was hacked last month, resulting in a loss of $37 million. According to a DL News report, the hack is believed to be linked to the North Korean hacker group Lazarus. The hackers deceived CoinsPaid employees into believing they were interviewing for a high-paying job and tricked them into downloading malicious software.

The Notorious North Korean Hacker Group Lazarus

According to previous reports, at the end of March last year, the Axie Infinity sidechain Ronin was exploited, resulting in a loss of 173,600 Ether and 25.5 million USDC, valued at around $616 million at the time. This incident was later attributed by the U.S. Department of the Treasury to the North Korean cybercrime group Lazarus Group, and it appears to have originated from an Axie Infinity engineer downloading a fake PDF recruitment document.

In June, several Atomic Wallet users lost assets, with total losses exceeding $100 million. The blockchain analysis company Elliptic believes that Lazarus was the mastermind behind the Atomic Wallet incident and found that Lazarus had also begun to change its tactics, turning to the Russian exchange Garantex for money laundering.

According to estimates from Chainalysis and others, Lazarus Group and other North Korea-related hackers have stolen over $3 billion in cryptocurrency, making them the most prolific cryptocurrency hackers in recent years. In 2022, they broke their own record by stealing nearly $1.7 billion in cryptocurrency. North Korea's total merchandise exports in 2020 were $142 million, so it is safe to say that cryptocurrency hacking plays a significant role in the country's economy. Most experts believe that the North Korean government is using these stolen funds to finance its nuclear weapons program.

How Lazarus Hacked into CoinsPaid

According to a report by DL News, a CoinsPaid employee believed they were interviewing for a high-paying job at the cryptocurrency exchange Crypto.com, and downloaded malicious software as part of a purported technical test.

Once the employee had run the malware, the hackers gained access to CoinsPaid's systems. Exploiting software vulnerabilities, they then forged authorization requests to withdraw funds from CoinsPaid's hot wallet. The hackers subsequently transferred most of the funds to the crypto bridge SwftSwap, with some also going to the decentralized exchange SunSwap on the Tron blockchain and to the exchange SimpleSwap. According to CoinsPaid, the hackers also routed funds through mixers such as Sinbad to obfuscate the flow of cryptocurrency and evade KYC and anti-money laundering requirements.

CoinsPaid, headquartered in Estonia, stated that the hack did not result in any loss of customer funds. The company also said it has drawn lessons from the incident, including the importance of training employees to recognize fake job offers and of understanding that small, unsuccessful hacking attempts may be reconnaissance for a larger operation.