A Long Con: CoinsPaid Says Systems Were Under Attack For Six Months
2023年8月10日 - 12:00AM
NEWSBTC
In a new report, Estonia’s preeminent crypto payment and personal
wallet provider, CoinsPaid, has revealed the intricate workings of
a hacking incident that led to a colossal loss of $37 million. This
audacious breach was reportedly the culmination of a six-month saga
marked by calculated maneuvers and sophisticated tactics,
orchestrated by none other than the notorious Lazarus Group.
Collaborating with Match Systems, CoinsPaid embarked on a
comprehensive inquiry, unearthing the modus operandi of the hacking
group and exposing the subsequent laundering of pilfered assets in
a post. Elaborate 6-Month Operation By Lazarus Group The ploy,
characterized by an extraordinary level of meticulousness, spanned
half a year, revealing the calculated and relentless nature of the
hack. Employing a blend of social engineering and technical
strategies, the hackers engaged in a series of Distributed
Denial-of-Service and brute-force attacks. Related Reading:
Pro-XRP Lawyer John Deaton Says He Is Willing To Bet That Ripple
Will Win SEC Appeal Their calculated approach culminated in a July
22 breach with the manipulation of a CoinsPaid employee, ensnaring
them through a falsified job proposition. The ordeal began
innocently enough, as a CoinsPaid employee embarked on a video
interview for what appeared to be an enticing career prospect,
facilitated via LinkedIn. Little did they know that the
seemingly innocuous task of downloading a technical assessment was
part of an elaborate ruse orchestrated by the hackers. This single
act granted the hackers access to CoinsPaid’s systems, allowing
them to exploit software vulnerabilities and authorize unauthorized
withdrawals from the company’s hot wallets. The hacker executed a
swift sequence of unauthorized withdrawals, swiftly depleting the
company’s coffers in less than an hour of operation. In total,
CoinsPaid lost $37.3 million in the attack. Total market cap jumps
to $1.147 trillion | Source: Crypto Total Market Cap on
Tradingview.com CoinsPaid Moving Forward From The Incident
CoinsPaid’s exhaustive post-mortem report reveals invaluable
lessons extracted from the breach. The report highlights the
importance of training employees to identify social engineering
tactics, including job offers that might be a ploy to gain access
to internal systems. The report also explains the adoption of
principles like the Separation of Duties and Least Privilege,
advocating for the implementation of robust monitoring and alert
systems to detect suspicious activities. Following the
report, CoinsPaid will be hosting a roundtable discussion involving
blockchain-based entities, aiming to collectively address the
escalating threat posed by hacking incidents. Related Reading:
Valkyrie Unveils Double-Barreled Approach To Launch An Ethereum ETF
Alongside A Bitcoin ETF In the wake of the exploit, the payments
platform assured customers that none of their funds were affected.
The company also resumed all activities less than a week after the
hack took place. The Lazarus Group is believed to have stolen over
$3.8 billion in digital assets from crypto exchanges and
decentralized finance (DeFi) services since it became active.
Featured image from TechBullion, chart from Tradingview.com
Ripple (COIN:XRPUSD)
過去 株価チャート
から 9 2024 まで 10 2024
Ripple (COIN:XRPUSD)
過去 株価チャート
から 10 2023 まで 10 2024