Cryptocurrency Firm CoinsPaid Faces Breach via Crafty Recruitment Scam

CoinsPaid hit by $37 million breach after an employee was tricked by a fake recruitment scam.

Wed, 09 Aug 2023, 09:52 am UTC

Estonian digital currency payment company, CoinsPaid, recently faced a significant security breach. Their internal investigation pointed the blame towards the notorious North Korean hacker group, Lazarus Group. Interestingly, the method used to penetrate their robust security measures was not a typical one.

On July 22, CoinsPaid detected an unauthorized transfer of over $37 million. This unexpected breach sent shockwaves through the company. Digging deeper into the issue, the company discovered that the breach occurred because of an unsuspecting employee. This individual was lured by a fake job opportunity. During the so-called 'job interview,' the employee was asked to download specific software, thinking it was part of a technical evaluation. Unbeknownst to them, this software contained malicious code that provided hackers with a gateway into CoinsPaid’s internal systems.

Once inside the system, these cybercriminals detected a weak spot in the network cluster, allowing them to establish a more permanent access route. Leveraging the intel they gathered, the hackers expertly imitated genuine transaction requests. This allowed them to siphon company funds from the operational storage without raising immediate alarms.

After an in-depth assessment, CoinsPaid released a report on July 26 stating their suspicions regarding the Lazarus Group's involvement. This suspicion stems from a pattern recognized in the attack strategies, eerily reminiscent of previous attacks linked to the same group. One notable incident is the $35 million breach of Atomic Wallet in June.

While this recent attack was successful, it wasn't the first attempt by the hackers. CoinsPaid detected and repelled multiple intrusion efforts starting from March 2023. Over time, the hackers transitioned from direct attacks to more cunning social engineering tactics, targeting individuals instead of the system.

CoinsPaid is now working closely with blockchain security specialists Match Systems, aiming to track and possibly recover the stolen assets. Preliminary findings show that a significant chunk of the stolen funds was redirected to SwftSwap. With investigations still underway as of August 7, CoinsPaid remains vigilant, tracing any further unauthorized fund movements.

TokenPost | [email protected]

<Copyright © TokenPost. All Rights Reserved. >
