
Russians (not North Koreans) thought to be behind $530M Coincheck hack

The malware originated from Russia


The $530 million hack that blighted Japanese cryptocurrency exchange Coincheck in January 2018 may have been carried out by Russian hackers.

Malware believed to have been used in the hack has been found on employee computers and is linked to Russian hacker groups, the Asahi Shimbun reports.

The hackers allegedly emailed employees with malicious files, including the known Mokes and Netwire malware, which grant attackers remote access to infected systems.

It’s believed that employees unknowingly installed the malware on their machines. As a result, attackers were able to gain access to the company’s private keys and use them to steal the cryptocurrency.

The attack was previously thought to be the work of the North Korean hacking group Lazarus.

However, both malware families emailed to Coincheck employees have been linked to Russian hacking groups and have previously appeared on Russian message boards. Mokes was first seen on a Russian bulletin board in June 2011, and Netwire has been active for around 12 years.

Coincheck lost over $500 million worth of NEM tokens as a result of the hack. At the time, the exchange did not confirm how the attackers had managed to pull off the heist, but the company was adamant that it wasn’t an inside job.

Published June 17, 2019 — 14:22 UTC