Estonia-based cryptocurrency payment provider CoinsPaid has revealed details of a cyber robbery that resulted in a loss of $37 million. The perpetrators seem to have taken advantage of human trust.
Hackers believed to be the North Korea-based Lazarus Group impersonated potential employers through job interviews and successfully compromised CoinsPaid’s system. The Lazarus Group is not new to high-profile cyberattacks, according to people familiar with the matter. In the past, the group has been at the center of high-profile digital intrusions, notably the 2014 breach of Sony Pictures and the global WannaCry ransomware onslaught in 2017.
The group's deep ties to the North Korean government and its history of targeting cryptocurrency platforms suggest a sinister desire to hoard foreign currency. From targeting government websites in its 2013 Trojan campaign from 2009 to its recent activity in the cryptocurrency market, Lazarus has a long and extensive track record. Its crypto ventures include, but are not limited to, the hacks of Axie Infinity, Horizon Bridge and Atomic Wallet.
CoinsPaid’s long downside
According to CoinsPaid, this was not an overnight job. The attackers spent six months laying the groundwork, trying to find vulnerable links within the cryptocurrency payment provider. They used a variety of tactics, from social engineering to DDoS and brute-force attacks, while gathering intricate details about the company. Their persistence finally paid off in July 2023, when they successfully launched a major attack on CoinsPaid’s infrastructure.
What makes this hack so disastrous is its reliance on social engineering. These tactics, which many cybersecurity experts see as the top threats of 2023, exploit the human element of an organization. Fake LinkedIn recruitment was allegedly a favored strategy. CoinsPaid employees were lured by high-paying jobs and tricked during so-called “interviews” into installing malware that gave the hackers access to internal systems.
JumpCloud, an enterprise directory platform, was also targeted in July 2023. Lazarus was adept at crafting fully believable narratives to exploit its targets, using detailed information collected over months.
Follow your digital footsteps
Despite the sophistication of the hack, CoinsPaid worked with cybersecurity firm Match Systems to carefully track the movement of funds. They warned all major cryptocurrency exchanges to deploy blockchain analytics to monitor and potentially freeze stolen assets.
Surprisingly, most of the stolen assets arrived at the SwftSwap service as USDT tokens on the Avalanche-C blockchain. Further tracing revealed a move to the Ethereum blockchain, followed by the Avalanche and Bitcoin networks.
However, the hackers saw their loot shrink while carrying out the heist. Preliminary estimates suggest that up to 15% of the stolen funds were lost due to market manipulation, token exchanges and other hidden costs. Clearly, even for cybercriminals, big profits often come with high costs.
Protect the future
The ordeal was a wake-up call for CoinsPaid, and potentially other crypto providers. Measures such as not ignoring indicators of compromise, training employees against social engineering tactics, securing workstations, segmenting networks, and maintaining robust monitoring systems are more important than ever.
CoinsPaid’s upcoming roundtables aim to foster a collaborative approach among blockchain entities to ensure that the blockchain ecosystem remains resilient against future threats.
According to experts, the CoinsPaid hack highlights the fragility of human trust in the digital age. Technology continues to evolve, but the ever-present human element remains both a strength and a weakness. This incident is a stark reminder that just as much as the community needs to upgrade its systems, it needs to consistently educate and harden the human component against evolving threats.