A cryptocurrency payments platform has revealed how a sophisticated hacking group used a fake job interview to steal $37 million worth of crypto from its systems.
CoinsPaid, an Estonia-based cryptocurrency payments firm, suspects that the notorious North Korean state-backed Lazarus Group is behind the hacking of its internal systems, which allowed them to steal $37.3 million on July 22.
The firm said that the hackers used “highly sophisticated and vigorous social engineering techniques” to target one of its employees, who responded to a fake job offer and downloaded malicious software during a fake job interview.
The malware gave the hackers access to CoinsPaid’s infrastructure and enabled them to exploit a vulnerability in the cluster and open a backdoor. The hackers then used the information they gained to send legitimate-looking requests to the interfaces used to interact with the blockchain and withdraw the company’s funds from its operational storage vault.
“We suspect Lazarus Group, one of the most powerful hacker organisations, is responsible,” CoinsPaid said in a blog post. “We have no doubt the hackers won’t escape justice.”
CoinsPaid Partners with Match Systems to Track the Stolen Funds
CoinsPaid said it has partnered with blockchain security company Match Systems to track the stolen funds, the majority of which were transferred to SwftSwap, a decentralized exchange.
According to the firm, many aspects of the hackers’ transactions mirrored those of the Lazarus Group, as in the $35 million hack of Atomic Wallet in June. The firm also said that the hackers expected the attack to be much more successful, but the company’s dedicated team of experts worked tirelessly to fortify its systems and minimize the impact.
CoinsPaid filed a report with Estonian law enforcement three days after the hack to further investigate the exploit. In addition, blockchain security firms such as Chainalysis, Match Systems and Crystal assisted in CoinsPaid’s preliminary investigation over the first few days.
Lazarus Group Targeting Crypto and Cybersecurity Sectors
Lazarus Group is a well-known cybercrime organization that has been linked to several high-profile attacks on crypto exchanges, banks, and other entities. The group is believed to be sponsored by the North Korean government and is motivated by financial and political gains.
Online coding platform GitHub recently reported that Lazarus Group is conducting a social engineering scheme targeted at workers in the cryptocurrency and cybersecurity sectors. The group’s objective is to lure in these professionals and compromise their GitHub accounts with malware-infected NPM packages to infiltrate their computers.
The CoinsPaid hack is another example of how Lazarus Group is using sophisticated and deceptive methods to steal crypto assets from unsuspecting victims. Crypto users and platforms should be vigilant and cautious of any suspicious offers or requests, and always verify the identity and legitimacy of the source.