CoinsPaid, a cryptocurrency payments platform, has accused the North Korean state-backed Lazarus Group of being responsible for a hack on its internal systems that resulted in a $37.3 million theft on July 22. In a post on July 26, CoinsPaid said it suspects the Lazarus Group, one of the most capable state-backed hacking groups, of being behind the incident. Although the company did not disclose how the funds were taken, the hack forced it to suspend operations for four days.
CoinsPaid has confirmed that it has restored operations in a new, limited environment and that client funds were unaffected. The platform and the company's balance sheet, however, suffered significant damage. Despite the size of the loss, CoinsPaid believes the Lazarus Group was aiming for a far larger sum, and that the company's earlier work to harden its systems left the attackers with what it calls a record low reward.
After the hack, CoinsPaid promptly reported the incident to Estonian law enforcement for further investigation. Blockchain analytics firms Chainalysis, Match Systems, and Crystal assisted in the initial investigation. Max Krupyshev, the company's CEO, said he is confident the Lazarus Group will be held accountable and that the company is determined to bring the attackers to justice.
Blockchain security firm SlowMist suggested a possible link between the CoinsPaid hack and two recent hacks on Atomic Wallet and Alphapo, which resulted in losses of $100 million and $60 million, respectively. Meanwhile, GitHub, the code-hosting platform, said it believes with "high confidence" that the Lazarus Group is running a social engineering campaign targeting individuals in the cryptocurrency and cybersecurity sectors.
According to the software-supply-chain security firm Socket.Dev, the Lazarus Group lures professionals in these fields into cloning GitHub repositories that pull in malware-laden npm packages, which is how the target's machine is compromised. The attackers typically make first contact on social media or messaging platforms such as WhatsApp to build rapport before steering the target to the repository. Socket.Dev advises developers to scrutinize repository invitations and to be wary of any prompt, delivered over social channels, to install npm packages.
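The pre-install check that advice implies, as an added example that is not code from the article, CoinsPaid, GitHub or Socket.Dev: it reads a cloned repository's package.json before anyone runs `npm install` and flags the two things the lure described above depends on, install-time lifecycle scripts and dependencies fetched from outside the npm registry. The sample manifest, the allowlist of vetted packages, and the function names `auditManifest` and `isNonRegistrySpec` are constructed for this example.

```javascript
// Added example (not code from the article, CoinsPaid, GitHub or Socket.Dev):
// audit a cloned repository's package.json BEFORE running `npm install`.
// The lure described above relies on the target installing a project whose
// manifest pulls in malicious packages; the two signals checked here are
// install-time lifecycle scripts and dependencies fetched from outside the
// npm registry. Function names, the sample manifest and the allowlist are
// constructed for this example.

// npm runs these scripts automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare', 'prepublish'];

// Dependency fields npm resolves and installs by default (peer deps since npm 7).
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// A registry-backed dependency is a bare name mapped to a semver range.
// Anything matched below fetches code from a URL, a git host or the local
// disk instead of the registry, or aliases the key to a different package.
function isNonRegistrySpec(spec) {
  const s = String(spec).trim();
  return /^(git(\+[a-z]+)?:|https?:|file:|link:|github:|gist:|bitbucket:|gitlab:|[./])/i.test(s)
    || /^[\w.-]+\/[\w.-]+(#.+)?$/.test(s)   // "owner/repo" GitHub shorthand
    || /\.(tgz|tar\.gz)$/i.test(s)          // direct tarball
    || /^npm:/i.test(s);                     // "npm:other-name@range" alias
}

// Returns a list of findings; an empty list means nothing looked unusual.
// `allowlist` (optional) is a Set of package names the team has already vetted.
function auditManifest(manifestText, allowlist = null) {
  const pkg = JSON.parse(manifestText);
  const findings = [];

  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && typeof pkg.scripts[hook] === 'string') {
      findings.push({ kind: 'install-hook', name: hook, detail: pkg.scripts[hook] });
    }
  }

  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (isNonRegistrySpec(spec)) {
        findings.push({ kind: 'non-registry-dep', name, detail: `${field}: ${spec}` });
      }
      if (allowlist && !allowlist.has(name)) {
        findings.push({ kind: 'unvetted-dep', name, detail: field });
      }
    }
  }
  return findings;
}

// Constructed sample: a "coding challenge" repo of the kind a recruiter-style
// lure might ask a developer to clone and run.
const SAMPLE_MANIFEST = JSON.stringify({
  name: 'trading-bot-challenge',
  version: '1.0.0',
  scripts: {
    test: 'jest',
    postinstall: 'node scripts/setup.js'   // runs on every `npm install`
  },
  dependencies: {
    express: '^4.18.2',
    'utils-helper': 'git+https://github.com/example-org/utils-helper.git',
    lodash: '^4.17.21'
  },
  devDependencies: {
    jest: '^29.0.0',
    'build-tools': 'https://example.com/build-tools-1.0.0.tgz'
  }
}, null, 2);

// Hypothetical allowlist of packages the team has already reviewed.
const SAMPLE_ALLOWLIST = new Set(['express', 'lodash', 'jest']);

for (const f of auditManifest(SAMPLE_MANIFEST, SAMPLE_ALLOWLIST)) {
  console.log(`[${f.kind}] ${f.name}: ${f.detail}`);
}
```

Run it with `node` against a repository's package.json before installing anything. If the project has to be installed anyway, `npm install --ignore-scripts` stops the lifecycle hooks from running, but it does nothing about a malicious dependency's code once the project requires it; the allowlist check is there because the same lure works with a plausibly named package that is published on the registry, which is the "malware-infected npm packages" case the article describes.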