A fresh insight into a $37 million hack on crypto provider CoinsPaid showed that suspected hackers, the North Korean Lazarus Group, gained access to the exchange’s system through a job interview with one of its programmers. According to a report from Bloomberg, the hackers lured the software engineer to download a file he would use for a technical test in July, which he did with his work system, giving them access to CoinsPaid’s database.
The interview, which happened in July, saw the hackers disguise themselves as Crypto.com recruiters and offer the vulnerable CoinsPaid employee a lucrative offer worth over $30,000 per month. The hackers reached out to the programmer on LinkedIn before conducting the 40-minute interview, the report stated.
Hackers Made Swift Transfers
The CoinsPaid security team noticed a quick and suspicious fund outflow from the company’s account on July 22. The operation, which took about four and a half hours, saw the hackers make off with $37 million before the team could shut down the system.
When the exploiters entered the exchange’s database, they immediately withdrew cryptocurrencies from CoinsPaid’s active wallet and began moving them to unknown addresses. The alleged North Korean hackers used a Sinbad mixer and other mixing tools to cover their tracks and successfully pilfer the cash.
Hackers Flirted With Other Employees Before Hack
An internal investigation into CoinsPaid’s database showed that before the actual hack, the hackers made calculated, failed attempts to hack the exchange by sending phishing messages, questioning staff, and offering them luxurious job offers. The flirting started about six months before the actual hack, data from the internal audit showed.
The hack meant that CoinsPaid lost about 18 months of profit to the exploiters. CoinsPaid has decided against sacking the employee, and he is still working for it.
Lazarus’s hacking activity has become a concern for the Western world, as the North Korean hackers are reportedly funding a nuclear program in Pyongyang. The total amount of crypto stolen by North Korea reached $2.3 billion in 2022.
