
Lessons of a $37M Attack: How a Ukrainian Payment Processor Was Hacked


Exploiting DeFi protocols has long been crypto’s most popular type of crime, while traditional exchange hacks have become far less frequent. But cybercriminals haven’t lost all interest in good old digital robbery.

The recent hack of crypto payment processor CoinsPaid shows that the most industrious cybercriminal groups in the world are still willing to spend formidable resources on breaking into centralized entities.

CoinsPaid, a Ukrainian firm registered in Estonia, reported being hacked on July 22, with estimated crypto losses of $37.3 million. According to CEO Max Krupyshev, the company ended up refunding clients from its own funds. Those customers likely include online casinos, which, according to Blockchain Intelligence Group, are widespread users of CoinsPaid.

In a detailed explanation of the incident published Monday, CoinsPaid said that, judging by the thieves’ on-chain behavior, they were very likely the North Korean Lazarus Group or affiliated with it. To siphon money out of CoinsPaid, the attackers used wallets that included the one spotted in another recent attack attributed to Lazarus – the Atomic Wallet hack in June, Blockchain Intelligence Group wrote.

The attackers had been targeting CoinsPaid for months before finally pulling off the theft, CoinsPaid said. Phishing and social engineering attempts started in March, including a request from someone posing as a fellow Ukrainian crypto processing startup, who was asking CoinsPaid developers about the firm’s technical infrastructure, the blog post said. The attackers also tried to bribe CoinsPaid staff and engaged in distributed denial-of-service (DDoS) attacks aimed at the company’s servers.

Fishing for the gullible employees

Then, in July, several employees received lucrative job offers from LinkedIn accounts posing as recruiters from other crypto companies, including the exchange Crypto.com. “For instance, some of our team members received job offers with compensation ranging from 16,000-24,000 USD a month,” the blog post said.

After making initial contact, the fake recruiters asked the employees to install JumpCloud, a platform for user authentication that was reportedly also hacked by Lazarus in July, or other software, presumably to perform a test task. Several employees took the bait and…
