Report: Record-Breaking Coincheck Hack Perpetrated by Virus Tied to Russian Hackers

Published at: June 17, 2019

Personal computers belonging to employees of hacked Japanese crypto exchange Coincheck were allegedly infected by a virus associated with a hacker group of Russian origin. The allegation was reported by Cointelegraph Japan on June 16.

As Cointelegraph has reported, in January 2018, Coincheck suffered an industry record-breaking hack when $534 million worth of NEM was stolen from its wallets.

Cointelegraph Japan cites a report from Japanese media agency Asahi Shimbun, which claims that fresh research has cast doubt on prior assumptions that the high-profile hack had been perpetrated by attackers with a North Korean connection.

Experts are now considering the possibility that the crime was committed by “an unknown group of hackers,” Cointelegraph Japan notes.

According to Asahi Shimbun, recent investigations into employees' personal computers identified the "Mokes" and "Netwire" viruses, which may have been delivered via an email that installed them in order to gain unauthorized access to the exchange’s private keys.

Given that both viruses are known to have been previously deployed by Russian hackers, a United States expert told the media agency:

"From the analysis of the virus, Eastern Europe and Russia may be related to the server criminal group of the base."

As Asahi Shimbun reports, both viruses enable hackers to take over the infected PC and operate it remotely. While Mokes was first promoted on a Russian forum in June 2011, Netwire is reported to have been known to cybersecurity investigators for 12 years.

As reported this May, as-yet-unidentified hackers used phishing and viruses to withdraw 7,000 bitcoin (BTC) from compromised Binance hot wallets in a premeditated attack that went undetected by the exchange’s security systems.

This spring, a South Korean cybersecurity firm claimed that North Korean hackers were behind a phishing scam targeting users of South Korean cryptocurrency exchange UpBit.
