Russian Hackers Might Be Behind the $530M Coincheck Hack

New evidence points to Russian hackers in the 2018 Coincheck heist, previously thought to be carried out by North Korean hackers.

The $530 million hack of Tokyo-based Coincheck that shook the cryptocurrency world in January 2018 was believed to be carried out by state actors working on behalf of the North Korean government. However, a report emerged recently in Japanese media sources that points to a Russian group as the perpetrator of the attack.

The hack resulted in the loss of NEM tokens with a value greater than the value of Bitcoins stolen from Mt. Gox in 2014. This is due to the timing of the attack, occurring around the time when the cryptocurrency market reached its peak value.

Smokebot: Russian Malware Traced

The information regarding Russian involvement has surfaced following the detection of Smokebot, a “backdoor bot” malware that cybersecurity experts say is linked to Russian sources. Some employee computers at Coincheck have been found with traces of Smokebot, which is designed to target Windows operating systems.

Smokebot has multiple capabilities, including executing commands from a remote server, stealing information and perpetrating distributed denial of service (or DDoS) attacks.

Smokebot can be traced back to 2011 when it was put up for sale online. It was posted on a Russian-language forum, leading cybersecurity experts to believe that a Russian hacking group may be responsible for the Coincheck hack.

Malware Delivered Through Phishing

Details now published by Japanese publication The Asahi Shimbun indicate that the hackers delivered the malware to Coincheck employees in an email. At least one employee inadvertently downloaded and installed the viruses, known as “mokes” and “netwire,” on their computer. Using this method, the hackers managed to access security keys and steal the cryptocurrency held on behalf of Coincheck’s customers.

Previously Assumed to Be the Work of North Korean Hackers

Prior to the release of this new information, the Coincheck hack had been blamed on North Korean hackers.

The North Korean connection appeared last February in a statement from South Korea’s National Intelligence Service and was later confirmed by Moscow-based security firm Group-IB.

But according to an unnamed U.S. cybersecurity expert who spoke to The Asahi Shimbun, the phishing emails have been traced back to hackers in Russia or Eastern Europe.

The State of the Crypto World

The digital currency scene has changed dramatically in the past two years, with crypto prices falling drastically and largely driving out individuals looking to use cryptocurrencies as a viable mechanism for financial transactions.

Governments across the world have yet to recognize these currencies as valid for transactions. Investment instruments like Bitcoin ETFs have been discussed, but none have received the necessary stamp of approval from financial regulators.

The threat of hacking has now moved to mobile devices as they are responsible for an increasing amount of internet activity. Users of all internet-enabled devices need to protect their computers and smartphones with antivirus software and VPNs. These methods may be able to protect users from attacks like the one that occurred at Coincheck.
