{"id":20800,"date":"2023-08-07T16:05:18","date_gmt":"2023-08-07T16:05:18","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/coinspaid-claims-north-korean-hacking-group-used-fake-job-interview-to-steal-37m\/"},"modified":"2023-08-07T16:05:20","modified_gmt":"2023-08-07T16:05:20","slug":"coinspaid-claims-north-korean-hacking-group-used-fake-job-interview-to-steal-37m","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/coinspaid-claims-north-korean-hacking-group-used-fake-job-interview-to-steal-37m\/","title":{"rendered":"CoinsPaid claims North Korean hacking group used fake job interview to steal $37M"},"content":{"rendered":"
\n

Estonia-based cryptocurrency payments firm CoinsPaid suspects North Korean hackers with the Lazarus Group gained access to its systems through fake recruiters targeting employees.<\/p>\n

In an Aug. 7 blog post, CoinsPaid said an exploit which allowed hackers to steal more than $37 million on July 22 was the result of tricking one employee into downloading software during a fake job interview, having them believe they were completing a technical task. The firm reported that the worker responded to a job offer put out by hackers and downloaded the malicious code, allowing the bad actors to steal information and give them access to CoinsPaid\u2019s infrastructure.<\/p>\n

\u201cHaving gained access to the CoinsPaid infrastructure, the attackers took advantage of a vulnerability in the cluster and opened a backdoor,\u201d said CoinsPaid. \u201cThe knowledge perpetrators gained at the exploration stage enabled them to reproduce legitimate requests for interaction interfaces with the blockchain and withdraw the company’s funds from our operational storage vault.\u201d<\/p>\n

\n

We Know Exactly How Attackers Stole and Laundered $37M USD<\/p>\n

CoinsPaid invited a partnership with @MatchSystems<\/a>, in cooperation with law enforcement agencies and regulators, accompanies the process of returning stolen #crypto<\/a> assets. <\/p>\n

Read more: https:\/\/t.co\/jLF3ICo603 pic.twitter.com\/0gDy9CJcS7<\/a><\/p>\n

\u2014 CoinsPaid (@coinspaid) August 7, 2023<\/a><\/p><\/blockquote>\n

Related: <\/em><\/strong>Curve hacker behind $61M heist begins returning funds<\/em><\/strong><\/p>\n

In its July 26 post-mortem report of the hack, CoinsPaid said it suspected Lazarus Group. Prior to the $37-million exploit, the hackers had made several attempts to infiltrate the platform starting in March 2023, but switched their approach to \u201chighly sophisticated and vigorous social engineering techniques\u201d after multiple failures \u2014 targeting individual workers rather than the company itself.<\/p>\n

Tracing the funds stolen from CoinsPaid on July 22. Source: CoinsPaid<\/em><\/figcaption><\/figure>\n

CoinsPaid said it had partnered with blockchain security company Match Systems to track the stolen funds, the majority of which were transferred to SwftSwap. According to the firm, many aspects of the hackers\u2019 transactions mirrored those of the Lazarus Group, as in the $35-million hack of Atomic Wallet in June. The company was continuing to monitor any movement of the funds as of Aug. 7.\u00a0<\/p>\n

Magazine: <\/em><\/strong>Should crypto projects ever negotiate with hackers? Probably<\/em><\/strong><\/p>\n<\/div>\n