
CoinsPaid, a Cryptocurrency Platform, Discovered How Lazarus Hackers Took Its Millions


By Marcel Bich

Sep 2, 2023

CoinsPaid, an Estonian firm that processes cryptocurrency payments, has determined how North Korean hackers from the Lazarus gang broke into its servers on July 23, when nearly $37 million was taken. The attackers posed as recruiters for other companies and offered positions to CoinsPaid workers. The most alluring part of the offer was the salary, which ranged from $16,000 to $24,000 per month.

One of the workers agreed to an online interview with the “employer”. Before the interview, he was required to download special software and complete a test task. According to the investigation, the individual installed harmful programs such as JumpCloudAgent or other programs on his computer. It is also possible that the JumpCloud platform itself was compromised in July for targeted attacks against bitcoin exchanges.

The Hacker Plan Was Calculated

According to experts, Lazarus’ whole course of action was thoroughly thought out. The attackers spent six months studying CoinsPaid, gathering data on the service’s technological specifications and organizational design. This explains why the victim did not suspect manipulation: the approach appeared quite real.

After gaining entry to the CoinsPaid infrastructure, the attackers “used the system’s vulnerability as a backdoor,” according to CoinsPaid. Thanks to the information they had gathered during those six months of study, they were able to make requests to interact with the blockchain and withdraw money from CoinsPaid’s operational vault. Beginning in March 2023, the hackers repeatedly tried to break into the platform, but after numerous failed attempts they altered their strategy ahead of the July 23 attack.

Their primary strategy became social engineering, which targets specific employees rather than the organization as a whole. CoinsPaid also disclosed a partnership with blockchain security firm Match Systems to track down the stolen assets. Most of the stolen cryptocurrency is known to have already been moved to SwftSwap. Experts claim that the thieves’ transaction strategy is comparable to Lazarus’ conduct during the $35 million Atomic Wallet attack in June.

 