For a long time, the Coincheck hack was linked to the North Korean hacking group Lazarus. In a turn of events, however, an analysis by a group of security experts suggests it could have been the work of Russian hackers.
At first the incident was suspected to be an inside job, but Coincheck firmly rejected the idea that one of its employees had worked with the hackers. According to a report, no Coincheck employee had a hand in the exchange losing over $500 million worth of NEM tokens.
Per the report, the hackers obtained the exchange's private keys after emailing malware to employees, who installed it unknowingly. At the center of it all are two malware families of Russian origin.
Malware Used Was Created In Russia
Mokes and Netwire are the malware the hackers used to take control of the employees' computers, giving them the upper hand. That remote control enabled the Russian hacking group to carry out a stealthy attack that resulted in the loss of over $500 million worth of tokens. According to Asahi Shimbun, the malware is of Russian origin.
Mokes first appeared on a Russian bulletin board in 2011, while Netwire has been in circulation for over 12 years. Besides the local security experts linking the Coincheck hack to Russian hackers, a security expert from the US said the attackers might indeed be from Russia or of Eastern European origin.
Although North Korea's Lazarus group has been cleared of the Coincheck hack, it is responsible for attacks on various other exchanges, and its footprint in hacking incidents spans the globe. Even as cryptocurrency exchanges put advanced security measures in place to prevent hacking, attackers have taken to phishing and malware to gain access to employees' computers.