Russian Hackers Linked To 2018 Coincheck Hack Once Believed To Be The Work Of North Korea
A new report on the investigation into the hacked Coincheck exchange says that the personal computers of the exchange’s staff were allegedly compromised by a virus originating from a Russian hacker syndicate.
The revelation comes after authorities long suspected North Korea of being behind the record-breaking crypto heist.
At the start of 2018, Coincheck reported a massive breach that saw more than 500 million NEM tokens stolen from the Japan-based crypto exchange, which were estimated to be worth about $530 million at the time.
Coincheck customers were first made aware of the attack after the exchange put all withdrawals on hold. The unexpected decision was reached after a Ripple payment worth $123 million (101,265,057 XRP) left its wallet simultaneously with other, larger unauthorized withdrawals.
At first, North Korean hacker syndicates became the prime suspects as major agencies launched investigations to unravel the syndicate.
However, the report by Japanese newspaper Asahi Shimbun today, which cites various anonymous sources, says that the malware found at the exchange had been emailed to the exchange’s workers. It comprised malware called Mokes and Netwire, which enable hackers to take over and control the compromised computer remotely.
As per the report, Mokes was initially promoted in Russia through an advertisement board in June of 2011 and is understood to be used by many Russian hackers. Netwire, on the other hand, has been in use for more than 12 years.
After a comprehensive analysis of the virus, a United States cybersecurity professional told Asahi Shimbun that hackers from Russia or probably Eastern Europe could be the ones behind the 2018 Coincheck attack. The expert said:
“From the analysis of the virus, Eastern Europe and Russia may be related to the server criminal group of the base.”
Increased Rates of Cyber Attacks
In related news, not long ago, as-yet-unidentified hackers used phishing as well as viruses to steal 7,000 Bitcoin from different compromised Binance hot wallets. Preliminary investigations by the exchange revealed that the attack was premeditated and that the exchange’s security systems did not detect the heist.
Similarly, Bithumb suffered two attacks in less than one year, which led to the loss of huge amounts of crypto assets.
CoinDesk reports that in February this year, Korea’s intelligence service (NIS) released a report indicating that phishing as well as other cyber attack methods had led to the theft of huge amounts of users’ funds. South Korea is also actively investigating whether North Korea was involved in various attacks on exchanges, including the Coincheck heist.
In October, a cybersecurity company called Group-IB released a report which linked North Korea to a possible state-sponsored hacking syndicate, with the group claiming that the same team was behind Coincheck’s heist.
Following the various cyber attacks on crypto exchanges around the world, countries are coming up with strict rules to force the exchanges to be extra vigilant, with South Korea now forcing exchanges to reimburse users in case of an attack.