The Unsettling Reality of Crypto Hacks: Unraveling the CoinsPaid Heist

[Illustration: a cyber-noir rendering of the digital heist against the crypto payment processor, from the phishing and social-engineering approaches on LinkedIn to the breached infrastructure, symbolizing the $37.3 million loss.]

In recent crypto news, traditional exchange hacks are no longer as prevalent, but digital criminals remain as shrewd as ever. One illustration is the recent hack of CoinsPaid, a crypto payment processor, which underscores that even the most resourceful criminal groups are still investing their efforts in breaching centralized entities.

The Ukrainian firm reported a cyber heist on July 22, resulting in an estimated loss of $37.3 million in crypto assets. CoinsPaid used its own funds to refund its clients, which most likely include online casinos, a significant user group of the payment processor.

Looking closely into the event, CoinsPaid suggested that the criminals’ actions mirror those of the North Korean Lazarus Group. The attacker’s wallet carried footprints of a recent attack attributed to Lazarus, the Atomic Wallet hack in June. It is worth noting that these breaches didn’t happen overnight: the criminals targeted CoinsPaid for several months, investing their time in phishing and social engineering attempts.

In July, numerous employees received alluring job offers via LinkedIn from accounts posing as recruiters from other crypto establishments, one of them being Crypto.com. Later, the “recruiters” would ask the prospective “employees” to install certain software, such as JumpCloud, a platform that Lazarus reportedly compromised. Some fell into the trap and installed the malicious software, giving the perpetrators access to CoinsPaid’s infrastructure.

Once they had gained access, the cybercriminals initiated a large withdrawal of Tron-based USDT, Bitcoin, and several ERC20 tokens operating on the Ethereum blockchain, which took them about four hours to complete.

While this intrusion gave the hackers unfettered access to the company’s servers, they couldn’t obtain the private keys for CoinsPaid’s wallets, underlining the firm’s stringent security protocols. But the damage was done, and the funds were stolen. They were laundered via the Sinbad mixer, reportedly a favorite tool of North Korean hackers.

Despite CoinsPaid promptly notifying the implicated cryptocurrency exchanges about the crime-related addresses, the hackers cashed out in mere minutes. The process of getting exchanges to act and tagging crime-related addresses is tediously slow. This led to considerable frustration and disappointment that law enforcement agencies take a lackadaisical approach to persuading exchanges to freeze criminal accounts.
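The four-hour drain described above and the slow tagging of crime-related addresses point to the same defensive gap: a payment processor has to detect an abnormal outflow itself, because freezes at exchanges arrive too late. The following is an added example, not CoinsPaid’s code or anything from the Coindesk report. It assumes a hypothetical WithdrawalMonitor that keeps a sliding four-hour window of outflow in USD, alerts when the window exceeds a multiple of a baseline, and screens destinations against a locally maintained list of tagged addresses; the amounts, addresses and thresholds are constructed sample values.

```python
from collections import deque
from dataclasses import dataclass

# Constructed sample parameters (hypothetical, not figures from the incident).
WINDOW_SECONDS = 4 * 3600          # the report says the drain took about four hours
BASELINE_USD_PER_WINDOW = 200_000  # assumed normal outflow for one four-hour window
SPIKE_FACTOR = 5.0                 # alert once outflow exceeds 5x the baseline

# Hypothetical, locally maintained set of addresses already tagged as crime-related.
TAGGED_ADDRESSES = frozenset({
    "TTaggedTronAddr000000000000000000",
    "bc1qtaggedbtcaddr000000000",
})


@dataclass(frozen=True)
class Withdrawal:
    ts: int           # unix seconds
    asset: str        # e.g. "USDT-TRON", "BTC", "ERC20:EXAMPLE"
    amount_usd: float
    to_addr: str


class WithdrawalMonitor:
    """Sliding-window outflow monitor plus destination screening (hypothetical)."""

    def __init__(self, window_s=WINDOW_SECONDS, baseline=BASELINE_USD_PER_WINDOW,
                 factor=SPIKE_FACTOR, tagged=TAGGED_ADDRESSES):
        self.window_s = window_s
        self.threshold = baseline * factor
        self.tagged = set(tagged)
        self._recent = deque()   # (ts, amount_usd), oldest first
        self._total = 0.0        # running sum of amounts inside the window

    def observe(self, w: Withdrawal) -> list:
        """Feed one withdrawal (in time order); return a list of alert strings."""
        alerts = []
        # Destination screening: cheap, and fires regardless of amount.
        if w.to_addr in self.tagged:
            alerts.append(f"TAGGED_DESTINATION {w.asset} {w.amount_usd:.0f} USD -> {w.to_addr}")
        # Slide the window: add this event, evict everything older than window_s.
        self._recent.append((w.ts, w.amount_usd))
        self._total += w.amount_usd
        while self._recent and self._recent[0][0] < w.ts - self.window_s:
            _, old_amount = self._recent.popleft()
            self._total -= old_amount
        if self._total > self.threshold:
            alerts.append(f"OUTFLOW_SPIKE {self._total:.0f} USD in "
                          f"{self.window_s // 3600}h window (threshold {self.threshold:.0f})")
        return alerts


def scan(events):
    """Run the monitor over a batch of withdrawals; return [(ts, alert), ...]."""
    monitor = WithdrawalMonitor()
    findings = []
    for w in sorted(events, key=lambda e: e.ts):   # monitor assumes time order
        for alert in monitor.observe(w):
            findings.append((w.ts, alert))
    return findings


def sample_events():
    """Constructed sample: a routine day of payouts followed by a drain burst."""
    base = 1_690_000_000
    events = []
    # 24 hours of routine payouts: about $15k every 30 minutes (48 events).
    for i in range(48):
        events.append(Withdrawal(base + i * 1800, "USDT-TRON", 15_000, f"TNormalAddr{i:03d}"))
    # Then a burst: 12 withdrawals of $250k within 90 minutes across three asset types.
    burst_start = base + 48 * 1800
    assets = ["USDT-TRON", "BTC", "ERC20:EXAMPLE"]
    for i in range(12):
        events.append(Withdrawal(burst_start + i * 450, assets[i % 3], 250_000, "0xDrainAddr0000"))
    # Finally one payout to an address on the tagged list.
    events.append(Withdrawal(burst_start + 12 * 450, "BTC", 50_000, "bc1qtaggedbtcaddr000000000"))
    return events


if __name__ == "__main__":
    for ts, alert in scan(sample_events()):
        print(ts, alert)
```

With these constructed inputs the routine day produces no alerts, the spike alert first fires on the fourth burst withdrawal (roughly 22 minutes into the burst), and the final payout raises both a tagged-destination and an outflow alert. The point of keeping the window in USD across asset types is that a drain split over Tron USDT, Bitcoin and ERC20 tokens, as in the article, still adds up in one place; per-asset limits alone would miss it.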

The chief financial officer of CoinsPaid echoed this when he underscored the lag in law-enforcement action, stating, “You need to block the money, but that money is already gone.”

In conclusion, digital hygiene remains a critical piece of the security puzzle, along with proper staff training. Everyone involved must understand that cybercrime is evolving and therefore demands vigilance from all possible angles.

Source: Coindesk
