- North Koreans did not conduct the hack on the Japanese cryptocurrency exchange, as was previously stated
- The heist was discovered on employee computers at Coincheck exchange
- It turns out that Russia had ties to the viruses used to initiate the hack
On June 17, 2019, a report surfaced suggesting that North Korean hackers had been cleared of the most prominent cryptocurrency theft to take place on a virtual currency exchange. Recent discoveries have revealed that it was Russian hackers who had links to the hacking attacks.
Coincheck Lost $530 Million to the Hackers
On January 18, 2018, Coincheck, a cryptocurrency exchange based in Tokyo, suffered a security breach that cost it 500 million NEM coins worth $530 million, more than the amount lost by Mt. Gox, the largest Tokyo-based bitcoin exchange company at the time. The coins were sent to another account at around 3 a.m. local time (1 p.m. ET Thursday).
The attack was carried out by sending emails containing the virus to employees at the exchange. The malware types discovered include Mokes and Netwire, which allow those distributing them to infiltrate victims’ machines and control them remotely. Netwire was found 12 years ago, while Mokes was discovered in 2012.
North Korea Not to Be Blamed
The breach at Coincheck had initially been linked to North Korea. The South Korean National Intelligence Service (NIS), which is investigating North Korea regarding the Coincheck attack, reported customer funds in the tens of billions taken through scams that circumvented the security of a website using a false name.
Another cybersecurity company, Group-IB, connected the Coincheck attack to a team of hackers which receives sponsorship from Lazarus, a North Korean state-sponsored hacking team that has been accused of attacking five crypto exchanges, Coincheck included. Lazarus was also connected to the Sony Pictures hack in November 2014.
North Korean thieves have also been suspected of targeting other bitcoin exchanges based out of Seoul, such as Coinis and Yapizon. They use traditional equipment and methods such as defacing websites, spear phishing, social engineering, and distributing malware to perpetrate these acts.
However, Asahi Shimbun, a U.S. cybersecurity expert, analyzed the viruses and established that the Coincheck attackers might be from Eastern Europe or Russia.