Report: Record-Breaking Coincheck Hack Perpetrated by Virus Tied to Russian Hackers
The personal computers of employees at hacked Japanese crypto exchange Coincheck have allegedly been found to have been infected by a virus associated with a hacker group of Russian origin. The allegation was reported by Cointelegraph Japan on June 16.
As Cointelegraph has reported, in January 2018, Coincheck suffered an industry record-breaking hack when $534 million worth of NEM was stolen from its wallets.
Japan cites a report from Japanese media agency Asahi Shimbun, which claims that fresh research has cast doubt on prior assumptions that the high-profile hack had been perpetrated by attackers with a North Korean connection.
Experts are now considering the possibility that the crime was committed by “an unknown group of hackers,” Cointelegraph Japan notes.
According to Asahi Shimbun, "Mokes" and "Netwire" viruses have been identified in recent investigations into employees' personal computers, which may have been disseminated via an email that installed the viruses to gain unauthorized access to the
exchange’s private keys.
Given that both viruses are known to have been previously deployed by Russian hackers, a United States expert told the media agency:
"From the analysis of the virus, Eastern Europe and Russia may be related to the server criminal group of the base."
As Asahi Shimbun reports, both viruses enable hackers to take over the infected PC and operate it remotely. While Morks was first promoted on a Russian forum in June 2011, Netwire is reported to have been known to cybersecurity investigators for 12 years.
As reported this May, as yet unidentified hackers used phishing and viruses to withdraw 7,000 bitcoin (BTC) from compromised Binance hot wallets in a premeditated attack that went undetected by the exchange’s security systems.
This spring, a South Korean cybersecurity firm claimed that North Korean hackers were behind a phishing scam targeting users of South Korean
cryptocurrency exchange UpBit.