A hack of CoinsPaid, the world’s largest crypto payments provider, was the result of six months of stealthy moves by the Lazarus Group, according to a detailed report on the incident. CoinsPaid, like other crypto players, has internal defenses to thwart laundering of its assets. But the speed at which hackers can move funds to new addresses makes blockchain scoring inadequate, CoinsPaid found.
CoinsPaid suffered a large-scale exploit last month, with black-hat hackers walking away with about $37.3 million on July 22. On July 26, the organization revealed that it suspected the Lazarus Group. The latter is a North Korean state-backed hacker collective and one of the most infamous criminal organizations in the world.
Blockchain Scoring Not Enough in 2023, Says CoinsPaid
According to the report, CoinsPaid, alongside the cybersecurity firm Match Systems, was able to follow the hacker’s activity. In order to gain access, the group offered CoinsPaid employees lucrative jobs under a false identity.
As part of the “recruitment process,” the CoinsPaid employees were asked to download software for a writing task. The kind that is a standard part of job applications. However, the program was in fact malware that allowed the hackers access to CoinsPaid’s systems.
Once inside, the hackers were able to forge authorized requests to withdraw funds from CoinsPaid hot wallets.
CoinsPaid claims to have followed standard procedure after the hacking event by notifying all major exchanges and cybersecurity firms. It provided information about hackers’ addresses and included them in a markup, which it shared within the community to prevent the further movement and laundering of the funds.
The report continues:
“However, distributing markup to subsequent addresses when moving funds takes up to 60 minutes. Based on the results of our investigation, the CoinsPaid hackers moved funds to new addresses in a matter of minutes before the markup could keep up with the perpetrators’ actions.”
It adds: “This vulnerability makes blockchain scoring largely ineffective in preventing and minimising the impact of money laundering schemes employed by hacker groups in 2023.”
According to CoinsPaid, over $70,000,000 was retrieved in several dozen criminal cases with the help of Match System.
Learn how to stay safe in the world of crypto: Top 5 Flaws in Crypto Security and How To Avoid Them
Patterns Found With Previous Lazarus Group Attacks
Match System found that hackers used similar patterns to those previously used by Lazarus in a recent $100 million Atomic Wallet hack. They include utilizing swap services and mixers like SunSwap, SwftSwap, and SimpleSwap.
The hackers also used the Sinbad cryptocurrency mixer, to launder the funds without KYC and AML procedures.
The stolen money was withdrawn via the Avalanche Bridge, with most of the funds sent as USDT to the SwftSwap service on the Avalanche-C blockchain. A smaller portion went to the Yobit exchange, which showed large spikes in transaction volumes during the attacks.
CoinsPaid is planning a round-table event with blockchain-based firms to minimize the impact of hacking incidents.
What Can Other Firms Learn From the Attack?
CoinsPaid, in the new report, shares several crucial lessons from the recent attack. It emphasizes the importance of not ignoring cybersecurity incidents, such as attempts to breach company infrastructure, social engineering, and phishing. These, it warns, could be signs of impending major attacks.
The company also highlights the need to educate employees about how perpetrators operate. Tactics can include fake job offers, bribes, and seemingly innocuous communications requests to gain access to the company’s infrastructure.
To enhance security, CoinsPaid also encourages the adoption of the principles of Separation of Duties and Least Privilege. A security measure that ensures that staff have the minimum viable permissions needed to do their job.
To better detect and respond to potential threats, the company advises creating a separate security log store to capture all relevant events. Firms should also establish a robust monitoring and alerting system for suspicious activities.
You can view the full list of CoinsPaid’s recommendations here.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.