Russian Culprits Linked to Coincheck’s $530 Million Hack Attack
A new report on the investigation into the 2018 Coincheck exchange hack has revealed that employees' personal computers were found to have been infected by a virus originating from a Russian hacker syndicate.
Cointelegraph Japan cites a report from Japanese media agency Asahi Shimbun, which claims that fresh research has cast doubt on prior assumptions that the high-profile hack had been perpetrated by attackers with a North Korean connection.
Experts are now considering the possibility that the crime was committed by “an unknown group of hackers.”
According to the report, the malware found at the exchange had been emailed to employees and included types called Mokes and Netwire, which allow malicious distributors to gain access to victims’ machines and operate them remotely. Mokes apparently first appeared on a Russian bulletin board in 2011, while Netwire has been around for 12 years.
A U.S. expert told the media agency:
“From the analysis of the virus, Eastern Europe and Russia may be related to the server criminal group of the base.”
Coincheck suffered a breach in January 2018 that resulted in the loss of 500 million NEM tokens worth around $530 million at the time – an amount even bigger than that lost by Mt. Gox.
Cybersecurity firm Group-IB also made the link between the allegedly North Korean state-sponsored hacking team and Coincheck in an October report.
Earlier this year, a South Korean cybersecurity firm claimed that North Korean hackers were behind a phishing scam targeting users of South Korean cryptocurrency exchange UpBit.
In other news, Korean cryptocurrency exchanges have been forced to accept liability for potential hacks. This comes after Bithumb suffered two attacks in just one year. Moreover, not long ago Binance lost 7,000 BTC from some of its compromised hot wallets.