Complex Made Simple

Grand theft Crypto: perpetrators of biggest token theft at Coincheck exchange revealed

The $530 million token hack has now been traced to rogue elements tied to Russia. How was it done?

Virus variants known to be linked to Russian hackers have been found on employee computers at the Tokyo-based Coincheck exchange. South Korea’s National Intelligence Service (NIS) had earlier said that phishing scams and other methods had yielded tens of billions of won in customer funds. As of January 2019, over $1 billion had been lost to cryptocurrency attacks, and Coincheck is just the latest incident.

Russian hackers, not North Korean, may be the bad actors behind probably the biggest ever theft from a cryptocurrency exchange.

Japanese newspaper Asahi Shimbun reported on Monday that virus variants known to be linked to Russian hackers had been found on employee computers at the Tokyo-based Coincheck exchange, according to Coindesk.

Coincheck suffered a breach in January 2018 that resulted in the loss of 500 million NEM tokens worth around $530 million at the time – an amount even bigger than that lost by Mt. Gox.


According to the report, the malware found at the exchange had been emailed to employees and included the remote-access trojans Mokes and Netwire, which give whoever distributes them access to a victim’s machine and the ability to operate it remotely. Mokes apparently first appeared on a Russian bulletin board in 2011, while Netwire has been around for 12 years.
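The attack path described above is an attachment that an employee opens, after which a remote-access trojan runs on the workstation. The script below is an added example, not code from the original article, Coincheck or Asahi Shimbun: a mail-gateway style triage that takes a raw message, walks its attachments, and flags the signs a security team screens for before a user ever sees the file: risky or double file extensions, an executable (MZ) header hiding behind a document name, and a SHA-256 match against a blocklist. The sample message and the blocklist hash are constructed here for the demonstration; the extension list and the function names are the example's own choices, not anything the article specifies.

```python
"""Triage e-mail attachments the way a mail gateway might before delivery.

Added example; the sample message and blocklist are constructed, not real
Coincheck artifacts.
"""
import email
import hashlib
import os
from email import policy
from email.message import EmailMessage

# Extensions that should never reach a workstation as a bare attachment.
# This list is an assumption of the example, not from the article.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".js", ".vbs", ".hta", ".jar", ".bat", ".cmd",
    ".ps1", ".docm", ".xlsm", ".lnk",
}

# Constructed "known bad" payload and its hash, standing in for a real
# threat-intel blocklist of attachment hashes.
FAKE_PAYLOAD = b"MZ\x90\x00fake-payload-for-demo"
KNOWN_BAD = {hashlib.sha256(FAKE_PAYLOAD).hexdigest()}


def build_sample_message() -> bytes:
    """Construct a phishing-style message: a disguised executable plus a
    harmless PDF, so the triage has one hit and one clean file to judge."""
    msg = EmailMessage()
    msg["From"] = "partner@example.com"
    msg["To"] = "ops@exchange.example"
    msg["Subject"] = "Invoice for January"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(FAKE_PAYLOAD, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 constructed harmless document",
                       maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return msg.as_bytes()


def triage_message(raw: bytes, blocklist: set) -> list:
    """Return one finding per attachment with a verdict and the reasons.

    Checks, in order: risky extension, double extension (e.g. name.pdf.exe),
    PE header in the body regardless of the advertised name, and a hash
    match against the blocklist.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        lower = name.lower()
        ext = os.path.splitext(lower)[1]
        reasons = []
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"risky extension {ext}")
            if lower.count(".") >= 2:
                reasons.append("double extension disguising the file type")
        if payload.startswith(b"MZ"):
            reasons.append("PE executable header in attachment body")
        if digest in blocklist:
            reasons.append("hash on blocklist")
        findings.append({
            "filename": name,
            "sha256": digest,
            "verdict": "block" if reasons else "allow",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in triage_message(build_sample_message(), KNOWN_BAD):
        print(finding["verdict"].upper(), finding["filename"],
              "; ".join(finding["reasons"]) or "no indicators")
```

The header check matters more than the extension check in practice: an attacker controls the filename but not the first bytes of a Windows executable, so a `.pdf` or `.docx` name whose body starts with `MZ` is a stronger signal than the name alone, and it still fires when the blocklist has never seen the sample.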

The Coincheck hack has previously been linked with North Korea. In a report last February, South Korea’s National Intelligence Service (NIS) said that phishing scams and other methods had yielded tens of billions of won in customer funds. The country’s authorities were said at the same time to be probing whether North Korea was behind the Coincheck attack.

Cybersecurity firm Group-IB also linked the allegedly North Korean state-sponsored hacking team to Coincheck in an October report.

Based on an analysis of the viruses, a U.S. cybersecurity expert told the Asahi Shimbun that Russian or Eastern European hackers may be linked to the Coincheck attack.

Francis Gaffney, Director of Threat Intelligence at Mimecast, commented:

“Nearly every week it seems that there is another cyberattack involving cryptocurrency theft. In fact, as of January 2019, over $1 billion had been lost from cryptocurrency attacks, and Coincheck is just the latest incident. At the end of the day, cybercriminals are going to go directly where the money is via point-of-sale-focused attacks, like we’re seeing here and with ransomware. Attacks on cryptocurrencies and their enabling exchanges are particularly troubling for systems like currencies, which rely heavily on trust for reliable means of exchange.”


He adds: “We see these crypto-based attacks begin with sophisticated phishing campaigns and malware droppers. From there, threat actors study their victims to identify their credentials and capture their sensitive information. And, no longer are these attacks strapped to remote locations, as incidents involving mobile devices (smartphones, tablets, etc.) are on the rise. In order to defend against crypto hacking, and for the Internet to continue to grow as an economic force, organizations must implement good cyber hygiene and robust cyber resilience across all platforms.”