Details of North Korean hackers' attack on CoinsPaid revealed

Date: 2023-08-09 Author: Karina Ziganova Categories: BUSINESS
Lazarus, a hacker group from North Korea, spent about six months developing an attack on CoinsPaid, one of the largest crypto payment providers, according to the company's investigation.

According to the publication, at the end of July, a programmer from the Estonian company CoinsPaid met via video link with a recruiter who had approached him via LinkedIn with a lucrative job offer. During the interview, he was asked to upload a file to take a technical test, which he completed on his work computer.

A few days later, on July 22, the CoinsPaid security service noticed a series of unusual withdrawals of funds: money was quickly drained from the company's accounts. By that time, CoinsPaid had lost $37 million.

How Lazarus prepared an attack on CoinsPaid
Analysts note that the speed and methodology of the theft indicate that the operation may have been carried out by Lazarus. They noted that the fake interview and subsequent hack were the culmination of an elaborate six-month operation in which hackers launched numerous attacks that scanned networks for technical vulnerabilities.

Moreover, in the run-up to the hack, hackers took a close look at CoinsPaid, conducting phishing attacks and approaching several employees with questions and job offers in order to gain access to internal systems.

As a result, as soon as the CoinsPaid engineer uploaded the file, the hackers were able to gain remote access to the CoinsPaid system, which allowed them to withdraw funds from active cryptocurrency wallets and start laundering cryptocurrency almost immediately. To do this, they used the Sinbad cryptomixer and various exchange services that mix and exchange different cryptocurrencies to make it difficult to determine the origin of a given token.

How North Korea is laundering stolen cryptocurrencies
Hackers are now trying to cover up the traces of the hacks of the Harmony cross-chain bridge, the Atomic Wallet crypto wallet, as well as the CoinsPaid and Alphapo crypto projects through a series of cross-chain transfers.

According to Taylor Monahan, the founder of the MyCrypto crypto wallet, the attackers have already spent about $8.5 million in cryptocurrency over the past 24 hours through three networks: Ethereum, Avalanche and Bitcoin. The total amount of money laundered through such cross-chain fraud in recent weeks has ranged from $25 million to $50 million. As part of this operation alone, hackers carried out over five hundred transactions.