The CoinsPaid attack was a six-month-long operation that involved infiltrating the company and was likely carried out by the North Korean hacker group Lazarus.
In a lengthy Twitter thread published on Aug. 29, entrepreneur and CoinsPaid advisor Evan Luthra described the attack on CoinsPaid as a “fully master-planned attack.”
Luthra further suggested that “top-tier hacker group Lazarus might be behind their recent attack” and that “investigations are pointing their way.” This group is also responsible for an attack on Sony Pictures, the Wannacry ransomware attacks, the $625 million Axie Infinity, $100 million Harmony Protocol, and $100 million Atomic Wallet crypto heists.
According to Luthra, the hacker group has been monitoring CoinsPaid for six months. It infiltrated their systems and found vulnerabilities in this time.
In March, the company faced numerous attacks, including social engineering attempts and distributed denial of service attacks. CoinsPaid received “sketchy queries” from an alleged Ukrainian startup.
In April, Coinspad’s four major systems were attacked. In July and August, its staff was bribed. That was followed by a major attack from over 150,000 IP addresses to trick an employee into installing software that let them take over the systems.
Moreover, Luthra explains how exactly the hacker group accessed the firm’s infrastructure. CoinsPaid staff was contacted by recruiters on LinkedIn with promises of hefty salaries ranging from $16,000 to $24,000 per month. During the interviews, the employees were tricked into installing the remote device management service JumpCloud Agent through a test assignment with malicious code.
JumpCloud, in its turn, was compromised by North Korean hackers in July.
As a result, the upcoming hack siphoned $37.3 million worth of cryptocurrency out of the company’s wallets in late July.