Estonia-based crypto payment processor CoinsPaid, controlled by the Austrian national Alexander Horst Riedinger and his Ukrainian partner Max Krupyshev, has reported that approximately $37 million in cryptocurrency was stolen in a cyberattack likely orchestrated by the North Korean Lazarus Group. The company suspended automatic transactions and began moving its systems to new infrastructure.
Impact on CoinsPaid Revenue
According to CoinsPaid, the attackers employed elements of social engineering, attempted aggressive bribery of critical personnel, and targeted various internet-accessible applications. Eventually, they identified a vulnerable application not directly involved in service provision.
Through this vulnerability, the attackers compromised CoinsPaid's infrastructure supporting transactions and manipulated transaction data. Systems have been restored to normal operations, and processing of transactions has resumed, but CoinsPaid expects an impact on its revenue following the incident.
The company said that it quickly detected the attack, addressed the vulnerability, and prevented the hackers from stealing more funds. Additionally, CoinsPaid reassured its clients that their funds were not impacted by the incident.
North Korean Lazarus Group
Believed to operate on behalf of the North Korean government, Lazarus Group has been blamed for multiple high-profile crypto thefts and is said to have stolen more than $1 billion in crypto assets over the past two years. While little is known about the group, researchers have attributed many cyberattacks to them between 2010 and 2021.
This year alone, Lazarus has been blamed for the $100 million Horizon Bridge heist, the theft of $35 million in cryptocurrency from Atomic Wallet, and the recent $23 million cryptocurrency heist at payment processor Alphapo.
In February 2021, the US Department of Justice issued indictments against three members of the Reconnaissance General Bureau, a North Korean military intelligence agency, for their involvement in various Lazarus hacking campaigns. The indicted individuals are Park Jin Hyok, Jon Chang Hyok, and Kim Il. Notably, Park Jin Hyok had already been indicted in September 2018. However, none of these individuals are currently in the custody of the United States.
On 14 April 2022, the US Treasury’s OFAC placed Lazarus on the SDN List under North Korea Sanctions Regulations section 510.214.