Turner Wright8 hours agoCoinsPaid claims North Korean hacking group used fake job interview to steal $37MHackers attempted to infiltrate CoinsPaid infrastructure directly starting in March 2023 but switched their approach to targeting individuals through fake high-salary job offers.1562 Total views28 Total sharesListen to article 0:00Follow upJoin us on social networksEstonia-based cryptocurrency payments firm CoinsPaid suspects North Korean hackers with the Lazarus Group gained access to its systems through fake recruiters targeting employees.

In an Aug. 7 blog post, CoinsPaid said an exploit that allowed hackers to steal more than $37 million on July 22 was the result of tricking one employee into downloading software during a fake job interview, having them believe they were completing a technical task. The firm reported that the worker responded to a job offer put out by hackers and downloaded the malicious code, allowing the bad actors to steal information and give them access to CoinsPaid’s infrastructure.

“Having gained access to the CoinsPaid infrastructure, the attackers took advantage of a vulnerability in the cluster and opened a backdoor,” said CoinsPaid. “The knowledge perpetrators gained at the exploration stage enabled them to reproduce legitimate requests for interaction interfaces with the blockchain and withdraw the company"s funds from our operational storage vault.”We Know Exactly How Attackers Stole and Laundered $37M USD

CoinsPaid invited a partnership with @MatchSystems, in cooperation with law enforcement agencies and regulators, accompanies the process of returning stolen #crypto assets.

Read more: https://t.co/jLF3ICo603 pic.twitter.com/0gDy9CJcS7— CoinsPaid (@coinspaid) August 7, 2023

Related:Curve hacker behind $61M heist begins returning funds

In its July 26 post-mortem report of the hack, CoinsPaid said it suspected Lazarus Group. Prior to the $37 million exploit, the hackers had made several attempts to infiltrate the platform starting in March 2023 but switched their approach to “highly sophisticated and vigorous social engineering techniques” after multiple failures — targeting individual workers rather than the company itself.Tracing the funds stolen from CoinsPaid on July 22. Source: CoinsPaid

CoinsPaid said it had partnered with blockchain security company Match Systems to track the stolen funds, the majority of which were transferred to SwftSwap. According to the firm, many aspects of the hackers’ transactions mirrored those of the Lazarus Group, as in the $35 million hack of Atomic Wallet in June. The company was continuing to monitor any movement of the funds as of Aug. 7. 

Magazine:Should crypto projects ever negotiate with hackers? Probably# Business# Hackers# Estonia# North Korea# HacksAdd reactionAdd reactionRelated NewsWhat are NFT royalties, and how do they work?Worldcoin: Should you let Sam Altman scan your eyeballs for WLD?Ensuring integrity of blockchain transactions: Trust through auditsBinance CEO warns of phishing scams as Uniswap founder gets hackedGaming DAO warns users of fake airdrops amid social media hacksCrypto payment gateway CoinsPaid suspects Lazarus Group in $37M hack