CoinsPaid, an Estonian firm that processes cryptocurrency payments, has established how North Korean hackers from the Lazarus gang broke into its servers on July 23 and took nearly $37 million. The attackers posed as recruiters for other companies and offered positions to CoinsPaid employees. The most alluring part of the offer was the salary, which ranged from $16,000 to $24,000 per month.
One of the employees agreed to an online interview with the "employer". Before the interview, he was required to download special software and complete a test task. According to the investigation, the employee installed malicious programs on his computer, such as JumpCloudAgent or other programs. It is also possible that the JumpCloud platform itself was compromised in July for targeted attacks against bitcoin exchanges.
The Hackers' Plan Was Calculated
According to experts, Lazarus' entire course of action was carefully planned. During their six-month study of CoinsPaid, the attackers gathered data on the service's technical specifications and organizational structure. This explains why the victim did not suspect the manipulation: it appeared to be quite real.
After gaining entry to the CoinsPaid infrastructure, the attackers "used the system's vulnerability as a backdoor," according to CoinsPaid. Thanks to the information they obtained during the investigation phase, they were able to make requests to interact with the blockchain and withdraw money from the company's operational vault. Beginning in March 2023, the hackers repeatedly tried to hack the platform before the attack on July 23, but after numerous failed attempts they altered their strategy.
The primary strategy was social engineering, which focuses on specific employees rather than the organization as a whole. CoinsPaid also disclosed a partnership with blockchain security firm Match Systems to track down the stolen assets. The majority of the cryptocurrency is already known to have been moved to SwftSwap. Experts say the thieves' transaction strategy is comparable to Lazarus' conduct during the $35 million Atomic Wallet attack in June.