A whopping $37 million was siphoned off by hackers from CoinsPaid, a leading crypto payment provider, after an employee unknowingly played into their trap. Behind this intricate six-month plot? None other than North Korea’s notorious hacking group, Lazarus.
In late July, an unsuspecting programmer from the Estonian company CoinsPaid was lured into a video interview via LinkedIn by a ‘recruiter’ offering a lucrative job opportunity. He was asked to download a file for a technical test on his work computer. Fast forward a few days, and CoinsPaid’s security team spotted a flurry of unusual transactions draining the company’s accounts.
This heist bore the hallmarks of Lazarus’s handiwork: the rapid theft technique and the methodology. The fake job interview and subsequent breach were the culmination of an exhaustive half-year strategy. During this period, the hackers unleashed multiple attacks, testing the network for vulnerabilities. They meticulously researched CoinsPaid, using phishing tactics and reaching out to several employees with job inquiries, all in a bid to infiltrate the company’s internal systems.
Once the CoinsPaid engineer downloaded the deceptive file, it gave the hackers remote access to the CoinsPaid system. They quickly emptied active cryptocurrency wallets and began laundering the stolen crypto. For this laundering process, they deployed the crypto mixer Sinbad and various exchange services that mix and swap different cryptocurrencies, making the token’s origins hard to trace.
Currently, these hackers are working overtime to cover their tracks. They’ve been linked to breaches in the cross-chain bridge Harmony, the Atomic Wallet, and crypto projects CoinsPaid and Alphapo. Taylor Monahan, founder of the MyCrypto wallet, highlighted that these culprits laundered around $8.5 million in cryptocurrency across three networks: Ethereum, Avalanche, and Bitcoin in just one day. In recent weeks, they’ve shuffled between $25 million to $50 million through cross-chain shenanigans, executing over 500 transactions in a single operation.