Estonia-based cryptocurrency payments firm CoinsPaid has announced that it suspects North Korean hackers from the Lazarus Group were responsible for a recent hack that resulted in the theft of over $37 million. According to CoinsPaid, the hackers gained access to their systems by tricking an employee through a fake job interview. The employee was made to believe they were completing a technical task but instead downloaded malicious code that allowed the hackers to steal information and gain access to the company’s infrastructure.
Once inside the system, the attackers exploited a vulnerability in CoinsPaid’s cluster and opened a backdoor. Using what they learned during the exploration stage, they were able to reproduce legitimate requests to the interfaces that interact with the blockchain and withdraw the company’s funds from its operational storage vault.
CoinsPaid has since partnered with blockchain security company Match Systems to track the stolen funds. The majority of the funds were transferred to SwftSwap, and it has been noted that many aspects of the hackers’ transactions resemble those of the Lazarus Group’s previous hacks. As of August 7, the company is diligently monitoring the funds for any movement.
Interestingly, CoinsPaid’s post-mortem report of the hack reveals that the Lazarus Group had been attempting to infiltrate the platform since March 2023. However, after multiple failures, the attackers shifted their approach to highly sophisticated social engineering techniques, focusing on targeting individual workers rather than the company itself.
This hack bears resemblance to a previous cyber attack on Atomic Wallet in June, where $35 million was stolen. Similarities between the two incidents, such as the methods used and the destination of the stolen funds, further support the suspicion that the Lazarus Group is behind the CoinsPaid hack.
Given the severity of the attack, CoinsPaid is working closely with law enforcement agencies and regulators to investigate the incident and catch the perpetrators. The company is determined to recover the stolen funds and is committed to ensuring the security of its systems moving forward.
As the threat of cyber attacks continues to grow in the cryptocurrency industry, it is crucial for companies to remain vigilant and implement robust security measures to protect their assets. The Lazarus Group’s highly sophisticated tactics serve as a reminder that no organization is immune to cyber threats, and constant vigilance is necessary to safeguard against such attacks. CoinsPaid’s transparency in sharing details of the incident and its collaboration with industry partners and authorities demonstrate its commitment to resolving the issue and preventing future attacks.
In conclusion, the CoinsPaid hack serves as a wake-up call for the cryptocurrency industry to prioritize cybersecurity and invest in robust defense mechanisms. The involvement of the Lazarus Group highlights the evolving nature of cyber threats and the need for organizations to adapt and improve their security protocols. CoinsPaid’s actions in response to the hack underscore their determination to rectify the situation and protect the interests of their customers and stakeholders.