Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on June 17, 2019

Russians (not North Koreans) thought to be behind $530M Coincheck hack

The malware originated from Russia


Russians (not North Koreans) thought to be behind $530M Coincheck hack

The $530 million hack that blighted Japanese cryptocurrency exchange Coincheck in January 2018 may have been carried out by Russian hackers.

A virus thought to be used in the hack has been found on employee computers and is linked to Russian hacker groups, the Asahi Shimbun reports.

The hackers allegedly emailed employees with malicious files, including the known Mokes and Netwire malware, which grant attackers remote access to infected systems.

It’s believed that employees inadvertently, or unknowingly, installed the viruses onto their machines. As a result, attackers were able to gain access to and manipulate the company’s security keys to steal the cryptocurrency.

The attack was previously thought to be the work of the North Korean hacking group Lazarus.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

However, both of the malwares emailed to Coincheck employees have been linked back to Russian hacking groups, and have previously appeared on Russian-based message boards. Mokes was first seen on a Russian bulletin board in June 2011, Netwire has been active for around 12 years.

Coincheck lost over $500 million worth of NEM tokens as result of the hack. At the time, the exchange didn’t verify how attackers had managed to pull off the heist, but the company was adamant that it wasn’t an inside job.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with