Crypto Heist: Lazarus Group Allegedly Stole $37M From CoinsPaid
Overview of the Cyberattack
On July 30, 2023, Estonia-based crypto payment processor CoinsPaid, controlled by Austrian national Alexander Horst Riedinger and his Ukrainian partner Max Krupyshev, reported a significant cyberattack. Approximately $37 million in cryptocurrency was stolen, with the North Korean Lazarus Group suspected to be behind the attack. The company responded by suspending automatic transactions and migrating its systems to a new, more secure infrastructure.
Details of the CoinsPaid Cyberattack
The attack involved advanced tactics, including:
- Social Engineering: Targeted personnel were subjected to manipulative techniques.
- Bribery Attempts: Aggressive efforts to compromise critical employees.
- Application Exploitation: A vulnerable internet-accessible application, not directly involved in service provision, was exploited.
Impact on CoinsPaid Operations:
- Compromised Infrastructure:
- Transaction data was manipulated.
- Systems were temporarily disrupted.
- Rapid Recovery:
- Vulnerabilities were promptly addressed.
- Full restoration of transaction processing was achieved.
- Client Assurance:
- CoinsPaid assured customers that their funds remained secure and unaffected by the incident.
Revenue Impact and Future Steps
CoinsPaid acknowledged potential revenue impacts resulting from the cyberattack. However, swift detection and remediation measures minimized further losses. The company is taking additional steps to fortify its security systems against future threats.
The Lazarus Group: A Profile
The Lazarus Group, believed to operate on behalf of the North Korean government, has been linked to numerous high-profile cryptocurrency thefts.
Notable Attacks Attributed to Lazarus:
- Horizon Bridge Heist (2023):
- $100 million stolen.
- Atomic Wallet Hack (2023):
- $35 million in cryptocurrency stolen.
- Alphapo Heist (2023):
- $23 million stolen from the payment processor.
Historical Data:
Between 2010 and 2021, researchers attributed various cyberattacks to the Lazarus Group. These attacks targeted financial institutions, cryptocurrency platforms, and government systems.
Legal Actions Against Lazarus Group
- US Indictments (2021):
- The Department of Justice charged three individuals from North Korea’s Reconnaissance General Bureau:
- Park Jin Hyok (previously indicted in 2018)
- Jon Chang Hyok
- Kim Il
- The Department of Justice charged three individuals from North Korea’s Reconnaissance General Bureau:
- These individuals remain outside US custody.
- OFAC Sanctions (2022):
- On April 14, 2022, the US Treasury’s Office of Foreign Assets Control (OFAC) placed the Lazarus Group on the SDN List under North Korea Sanctions Regulations section 510.214.
CoinsPaid Recovery Highlights
| Aspect | Details |
| Amount Stolen | $37 million |
| Suspected Group | Lazarus Group (North Korea) |
| Recovery Actions | Suspension of transactions, migration to new infrastructure |
| Customer Funds | Unaffected and fully secure |
Call for Information
If you have any information about CoinsPaid, the Lazarus Group, or related activities, please share it through our whistleblower platform, Whistle42. Your insights are vital to understanding and mitigating cyber threats in the cryptocurrency industry.
