New Data Suggests Russian Hackers were Behind Coincheck $530M Crypto Hack


It’s now thought that Russians were behind one of the biggest crypto heists in history, the theft from the exchange Coincheck Inc. In January 2018, hackers broke into Coincheck, a popular cryptocurrency exchange, and made off with over $500 million in digital tokens.

At the time, Coincheck didn’t reveal any details about how its system was breached, other than to say that it wasn’t an inside job. When asked how such a substantial amount of digital assets could be stolen, Coincheck stated that it had been keeping customers’ digital assets in a hot wallet, which made them more vulnerable to hacks. It now appears that the breach occurred because of a virus that spread to staff computers at Coincheck.

It has been alleged that hackers emailed employees files carrying the Mokes and Netwire malware, along with other malicious attachments. Once a computer is infected, the malware goes to work spying on the user: capturing keystrokes, scanning for sensitive files, taking frequent screenshots (sometimes every 30 seconds), and recording the screen. The malware then sends this information to a command and control server, where the hackers can use the data to compromise further systems.

Not the Notorious North Korean Crypto Hacking Group Lazarus

It was previously thought that the heist was carried out by the notorious North Korean hacking group Lazarus. Lazarus has been at the center of high-profile cryptocurrency hacks for some time, so it seemed like a reasonable assertion to many. However, the malware found on the employees’ computers appears to have originated from Russia: it appeared on Russian-based message boards, suggesting that it is of Russian origin.

This fresh research released by Japanese news agencies has shifted the focus from North Korean hacking groups to Russian ones; however, we are still no closer to finding out which hacking group is behind the attack. There are a number of high-profile hacking groups in Russia and Eastern Europe in general.

According to a cybersecurity expert:

“From the analysis of the virus, Eastern Europe and Russia may be related to the server criminal group of the base.”

When the $534 million in funds was stolen, it was transferred to a number of Bitcoin wallet addresses. The individuals or groups behind these wallet addresses aren’t known, so the identity of the hackers has remained an open question that Coincheck is working hard to answer. The investigation appears to be still ongoing, and it’s possible that more revelations will follow as it matures.
