Cryptocurrency payments platform CoinsPaid has identified the Lazarus Group, a state-backed hacking organization from North Korea, as the culprits behind a recent attack on its internal systems. The attack resulted in the theft of $37.3 million on July 22. In a post on July 26, CoinsPaid suggested that Lazarus Group, known for being one of the most powerful hacker organizations, was responsible for the incident. However, CoinsPaid did not disclose the specific method used to steal the money. The attack forced CoinsPaid to temporarily suspend its operations for four days.
Although customer funds were not affected and remain secure, the platform and the company’s balance sheet suffered significant damage. Despite the scale of the exploit, CoinsPaid believes that the Lazarus Group was actually aiming for a much larger sum. The company’s response to the attack included fortifying its systems and minimizing the impact, resulting in a record-low reward for the hackers.
CoinsPaid promptly filed a report with Estonian law enforcement three days after the hack in order to initiate a thorough investigation. In addition, several blockchain security firms, including Chainalysis, Match Systems, and Crystal, assisted in CoinsPaid’s preliminary investigation in the immediate aftermath of the attack. Max Krupyshev, CEO of CoinsPaid, expressed confidence that the Lazarus Group will face legal consequences for their actions, stating, “We have no doubt the hackers won’t escape justice.”
A cybersecurity firm called SlowMist has suggested a potential link between the CoinsPaid hack and two recent notable cyberattacks on Atomic Wallet and Alphapo. The former attack resulted in the theft of $100 million, while the latter saw $60 million taken in an exploit. SlowMist referred to ongoing incidents involving these platforms and CoinsPaid, speculating that the Lazarus Group might be responsible for all of them.
Furthermore, online coding platform GitHub has reported that Lazarus Group is engaging in a social engineering scheme specifically aimed at individuals working in the cryptocurrency and cybersecurity sectors. GitHub believes with “high confidence” that the Lazarus Group is targeting workers in these fields to compromise their GitHub accounts using npm packages infected with malware. The cybersecurity platform Socket.Dev warned software developers to exercise caution when approached on social media and to thoroughly review repository invitations before collaborating, as these could contain malicious software.
In light of these developments, the identification of Lazarus Group as the perpetrators behind the attack on CoinsPaid highlights the ongoing threat posed by state-backed hacking organizations in the cryptocurrency industry. It serves as a reminder for individuals and companies operating in this sector to remain vigilant and take necessary precautions to protect their assets and systems from cyberattacks.