Estonian Crypto-Payments Service Provider CoinsPaid Targeted by Lazarus Group
Estonian crypto-payments service provider CoinsPaid recently discovered that the well-known hacking group Lazarus spent six months studying their platform before launching an attack on July 22nd. CoinsPaid collaborated with cybersecurity firm Match Systems to track the hackers’ activities and identify the platforms used to launder the stolen funds. The attackers orchestrated a meticulously planned campaign involving social engineering, bribes, and fictitious job offers. They eventually breached CoinsPaid’s infrastructure on July 22nd, resulting in a loss of $37.5 million. Despite implementing KYC measures and blockchain risk scoring systems, the hackers successfully laundered the stolen funds, pointing to the involvement of the Lazarus group.
Key Points:
- Lazarus Group spent six months studying CoinsPaid’s platform before launching an attack.
- CoinsPaid collaborated with Match Systems to track the hackers’ activities and identify money laundering platforms.
- The attackers used social engineering, bribes, and fictitious job offers to gain access to CoinsPaid’s infrastructure.
- The breach resulted in a loss of $37.5 million.
- Despite implementing security measures, the hackers successfully laundered the stolen funds.
Hot Take:
This incident highlights the growing sophistication and persistence of hacking groups in the crypto industry. Companies must remain vigilant and continuously update their security measures to protect against these types of attacks. Additionally, collaboration between crypto service providers and cybersecurity firms is crucial in tracking and preventing such incidents. The involvement of the Lazarus group raises concerns about the group’s expanding influence and the need for international cooperation to combat cybercriminals.
By
By
By