Each missile fired by North Korea means less fertilizer for its farmers, but also more cryptocurrency stolen across the world. Kim Jong-un does not skimp on the means at his disposal to feed his ambition of becoming the world's most powerful nuclear force. Hackers working on the regime's behalf, in particular those affiliated with the Lazarus group, are thus permanently active. Recently, this collective made a name for itself by siphoning off millions from CoinsPaid, a Ukrainian crypto payment processor.
6 months of preparation for Lazarus Group
According to some senior American officials, the Lazarus hacker group answers directly to Kim Jong-un. In other words, the millions in cryptocurrency stolen from Axie Infinity, Atomic Wallet and Horizon Bridge would end up in the hands of the North Korean dictator.
“We know exactly how the attackers stole and laundered 37 million USD. CoinsPaid has offered a partnership with Match Systems, in cooperation with law enforcement agencies and regulators, to support the process of returning stolen crypto-assets.”
In a recent article, CoinsPaid summarized the modus operandi of the group of hackers that caused the $37.3 million loss on July 22.
Highly experienced in hacking, Lazarus Group spent 6 months studying CoinsPaid's weaknesses. Slowly but surely.
“Since March 2023, we have recorded constant but unsuccessful attacks against the company, of various types, ranging from social engineering to DDoS and brute force.”
Direct attacks then followed one another:
- March 27: a survey (in the form of a questionnaire) conducted with 3 developers on the state of CoinsPaid's technical infrastructure;
- April-May: hacking attempts (spam, phishing, etc.) in four stages, aimed at gaining access to the crypto company's systems via employee and customer accounts;
- June-July: launch of an operation to bribe CoinsPaid staff;
- July 7: a mass attack, “carefully planned and prepared”, involving 150,000 different IP addresses, against the crypto payment provider;
- July 22: the North Korean group Lazarus succeeded, taking home $37.3 million in cryptocurrency.

The timeless Trojan horse strategy
CoinsPaid believes its systems are well secured. After the external attempts failed, the hackers had to go through an employee's computer, using what the company describes as “very sophisticated and vigorous social engineering techniques”.
Moreover, such practices, phishing in particular, succeed in 75% of cases, according to estimates by CS Hub.
To loot CoinsPaid's millions, Lazarus Group resorted to fake job offers on LinkedIn and Crypto.com. Failing that, it tried to bribe the company's employees, or even manipulate them.
At one point, the North Korean hackers offered astronomical salaries, ranging from $16,000 to $24,000 per month, to the staff of the Ukrainian company. Those who took the bait were asked to install the JumpCloud agent, or a similar program under the attackers' control, to perform some technical tasks (testing, mentioning profiles and keys, etc.), thereby opening CoinsPaid's doors wide to the hackers.
Lazarus was thus able to access funds associated with CoinsPaid's blockchain nodes. Luckily, the attackers could not break into its hot wallets, and the alarm system went off in time.
As a result, the CoinsPaid team had fewer complications and losses to manage.
Even so, the toll is heavy for the platform. USDT holdings on Tron, Bitcoin and ERC-20 tokens deployed on Ethereum vanished into the wild. The stablecoins thus obtained were immediately swapped for USDT on Avalanche. To do this, the hackers used the decentralized exchanges (DEX) SwftSwap, Uniswap and SunSwap, as well as centralized exchanges (CEX) such as Bybit, Huobi, KuCoin and Binance.

This is reminiscent of the attack recently suffered by Atomic Wallet.
Last year, yours truly looked into the method used by the Lazarus group. In this article you will find tips to protect yourself from attacks by hackers affiliated (or not) with this collective.
