CoinsPaid, the world’s largest crypto payments provider, has revealed details of a hacking incident that occurred on July 22, 2023, resulting in the theft of $37.3 million. The company suspects that the notorious Lazarus Group, linked to the North Korean government, is behind the attack.
The Lazarus Group has been responsible for various high-profile hacking campaigns worldwide, including the Sony Pictures hack in 2014 and the WannaCry ransomware attack in 2017. In recent years, the group has targeted over 20 cryptocurrency platforms, stealing significant amounts.
The attack on CoinsPaid was meticulously planned, with the hackers spending six months tracking and studying the company’s systems. They used various tactics, including social engineering, phishing, and fake job offers, to infiltrate CoinsPaid’s infrastructure.
Tracing the attack
In a blog post on August 7, CoinsPaid said that the hackers’ primary goal was to trick a critical CoinsPaid employee into installing malicious software to gain remote control of a computer. The method involved fake LinkedIn recruiting, bribing, and manipulating employees. The attackers were successful on July 22, 2023, after six months of failed attempts.
CoinsPaid collaborated with Match Systems, a top cybersecurity firm, to trace the stolen funds. The majority of the funds were withdrawn to the SwftSwap service, and similar patterns were found in the recent $100 million Atomic Wallet hack, further linking the attack to Lazarus.
The incident has exposed the ineffectiveness of blockchain scoring against money laundering and highlighted the vulnerability of human elements in cybersecurity. CoinsPaid has shared practical tips and is planning a round-table event to discuss challenges and create a more secure blockchain ecosystem.
Details of the attack
The attack began in March 2023 with persistent, unsuccessful attempts against CoinsPaid. In April-May, the company experienced major attacks aimed at gaining access to employee and customer accounts. By June-July, a malicious campaign involving bribing and fake-hiring critical company personnel was carried out.
On July 7, a massive attack was executed, involving over 150,000 different IP addresses. The perpetrators finally succeeded on July 22 by tricking an employee into downloading software during a fake job interview, allowing them to access CoinsPaid’s infrastructure.
CoinsPaid and Match Systems carried out operational measures to trace and potentially freeze the stolen funds. The money was traced to the SwftSwap service, and a portion was sent to the Ethereum and Bitcoin networks. The laundering activity is ongoing, and monitoring continues.
Preliminary estimates show that the hackers likely lost up to 15% of the stolen funds on operational costs, including price slippage and commissions.
An industry-wide wake-up call
In conclusion, the CoinsPaid hack is a clear indication of the growing risks in the crypto industry. It highlights the importance of implementing strong cybersecurity measures and working together as an industry to prevent future attacks. Due to this unfortunate incident, the need for new and innovative strategies to ensure the safety of digital assets can never be overemphasized.