North Korean Con Artists Snatch $37 Million Through Fake Job Interviews

CoinsPaid, an Estonia-based crypto payments provider, has disclosed details of a cyber heist that cost it $37 million. The culprits did not need to defeat the platform itself; they capitalized on the weakest link, human trust.

By masquerading as prospective employers in fake job interviews, the attackers, believed to be the North Korea-linked Lazarus Group, successfully infiltrated CoinsPaid’s systems. According to people familiar with the matter, Lazarus is no stranger to the spotlight: it has been connected to high-profile digital break-ins, notably the 2014 breach at Sony Pictures and the global WannaCry ransomware outbreak in 2017.

The group’s deep ties to the North Korean government and its history of targeting cryptocurrency platforms point to a consistent motive: raising foreign currency for the regime. From attacks on government websites in Operation Troy between 2009 and 2013 to its recent activity in the crypto market, Lazarus has a long and extensive track record. Its crypto hacks include, but are not limited to, Axie Infinity’s Ronin bridge, Harmony’s Horizon Bridge, and Atomic Wallet.

The long con of CoinsPaid

According to CoinsPaid, this was not an overnight job. The attackers spent roughly six months probing for weak links in the payment provider, combining social engineering with DDoS and brute-force attempts while gathering detailed intelligence about the company and its staff. Their persistence paid off in July 2023, when they launched a successful attack on CoinsPaid’s infrastructure.

What makes this hack exceptionally harrowing is its reliance on social engineering, which many cybersecurity experts consider the top threat of 2023 because it exploits the human component of an organization rather than a software flaw. Fake LinkedIn recruiting was allegedly the favored lure: CoinsPaid employees were approached with high-paying job offers and, during the so-called “interviews,” were tricked into installing malware that gave the attackers access to the company’s internal systems.

JumpCloud, an enterprise directory platform, was also targeted in July 2023. Using the detailed intelligence gathered over months, Lazarus was adept at building entirely believable narratives tailored to each target.

Trailing the digital footprints

Despite the sophistication of the hack, CoinsPaid, working with the cybersecurity firm Match Systems, meticulously traced the movement of the funds. It alerted all major crypto exchanges and used blockchain analytics to monitor the stolen assets, so that services receiving them could freeze the deposits.

Notably, most of the stolen assets were routed through the SwftSwap service as USDT tokens on the Avalanche C-Chain. Further tracking revealed movement to the Ethereum blockchain, with subsequent transfers to the Avalanche and Bitcoin networks.

The attackers, however, paid a price for laundering the proceeds. Preliminary estimates suggest they lost up to 15% of the stolen funds to market operations, token swaps, and other hidden costs. Even for cybercriminals, high returns come with high costs.
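As an added illustration of the kind of taint tracing behind this fund tracking (example code written for this article, not CoinsPaid’s or Match Systems’ tooling), the block below follows stolen funds through a constructed multi-chain transfer graph. It uses the “haircut” method: everything leaving the victim wallet is tainted, and at every later hop the tainted share of the outflow equals the tainted share of the inflow, so a deposit mixed with clean funds at an exchange is only partly flagged. The addresses, chains, amounts and service labels are constructed, and each cross-chain edge assumes the analyst has already linked the bridge deposit on one chain to the withdrawal on the other. The shrinkage at each hop models the fees and slippage the article describes.

```python
from collections import defaultdict

# Constructed transfer graph (not real CoinsPaid data).  Nodes are
# "chain:address"; a cross-chain edge assumes the analyst has already linked
# the bridge deposit on one chain to the withdrawal on the other.
# Each entry: (source, destination, amount_in_usd, kind).  The amount leaving
# each hop is less than what arrived, modelling fees, slippage and spreads.
TRANSFERS = [
    ("ethereum:victim_hot", "ethereum:attacker1", 1000.0, "transfer"),
    ("ethereum:attacker1", "ethereum:attacker2", 600.0, "transfer"),
    ("ethereum:attacker1", "ethereum:attacker3", 400.0, "transfer"),
    ("ethereum:attacker2", "avalanche:swap_svc", 570.0, "bridge"),
    ("avalanche:swap_svc", "avalanche:attacker4", 540.0, "swap"),
    ("avalanche:attacker4", "bitcoin:exchange_a", 520.0, "bridge"),
    ("ethereum:attacker3", "ethereum:exchange_b", 400.0, "transfer"),
    ("ethereum:clean_user", "ethereum:exchange_b", 5000.0, "transfer"),
]

# Hypothetical service labels: where a freeze request or alert would go.
SERVICES = {
    "avalanche:swap_svc": "SwapService",
    "bitcoin:exchange_a": "ExchangeA",
    "ethereum:exchange_b": "ExchangeB",
}


def topo_order(transfers):
    """Kahn's algorithm.  Returns (node order, adjacency) for a DAG of transfers."""
    out = defaultdict(list)
    indeg = defaultdict(int)
    nodes = set()
    for src, dst, amount, kind in transfers:
        nodes.update((src, dst))
        out[src].append((dst, amount, kind))
        indeg[dst] += 1
    ready = sorted(n for n in nodes if indeg[n] == 0)
    order = []
    while ready:
        node = ready.pop()
        order.append(node)
        for dst, _, _ in out[node]:
            indeg[dst] -= 1
            if indeg[dst] == 0:
                ready.append(dst)
    if len(order) != len(nodes):
        raise ValueError("transfer graph has a cycle; FIFO/LIFO tracing needed")
    return order, out


def trace(transfers, origin, services):
    """Haircut taint tracing from `origin`.

    Every transfer out of `origin` is stolen.  For any other node the tainted
    share of its outflows equals tainted_in / total_in, so mixing with clean
    funds (e.g. an exchange's shared deposit address) dilutes the taint rather
    than marking everything downstream as stolen.
    """
    order, out = topo_order(transfers)
    total_in = defaultdict(float)
    tainted_in = defaultdict(float)
    for _, dst, amount, _ in transfers:
        total_in[dst] += amount

    for node in order:
        if node == origin:
            share = 1.0
        elif total_in[node] > 0:
            share = tainted_in[node] / total_in[node]
        else:
            share = 0.0  # source of clean funds, not downstream of the theft
        for dst, amount, _ in out[node]:
            tainted_in[dst] += amount * share

    stolen = sum(a for s, _, a, _ in transfers if s == origin)
    sinks = [n for n in order if not out[n]]
    at_sinks = sum(tainted_in[n] for n in sinks)
    return {
        "stolen": stolen,
        "at_sinks": at_sinks,
        # Difference between what left the victim and what reached the end
        # points is what the attackers burned on swaps, bridges and spreads.
        "lost_pct": 100.0 * (stolen - at_sinks) / stolen,
        "alerts": {label: tainted_in[node]
                   for node, label in services.items() if tainted_in[node] > 0},
    }


if __name__ == "__main__":
    report = trace(TRANSFERS, "ethereum:victim_hot", SERVICES)
    for label, amount in report["alerts"].items():
        print(f"alert {label}: received {amount:.2f} USD of tainted funds")
    print(f"stolen {report['stolen']:.0f}, reached sinks {report['at_sinks']:.0f}, "
          f"lost in laundering {report['lost_pct']:.1f}%")
```

On the constructed data, 1000 leaves the victim and 920 reaches the two exchange deposit addresses, an 8% laundering loss; the report names every labelled service that received tainted funds, which is the list an incident team would use for freeze requests. Real tracing has to cope with cycles, peel chains and mixers, which is why the cycle check raises rather than silently looping, and it would draw the edges from chain explorers or an analytics provider rather than an inline list.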

Securing the future

The ordeal has been a wake-up call for CoinsPaid and should be one for other crypto providers. Measures such as treating early signs of a breach as incidents rather than noise, training employees to recognize social-engineering lures, hardening workstations, segmenting networks, and maintaining robust monitoring are now more critical than ever.

CoinsPaid’s forthcoming round-table aims to foster a collaborative approach among blockchain entities, ensuring the blockchain ecosystem remains resilient against future threats.

According to experts, the CoinsPaid hack underscores how human trust remains the softest target in the digital age. While technology continues to evolve, the ever-present human element remains both a strength and a weakness. The incident is a stark reminder that the community must upgrade its systems and, just as consistently, educate and fortify its people against evolving threats.
