Viruses “first marketed in a Russian bulletin board in June 2011” have been found on computers of employees at Coincheck, a Japanese cryptocurrency exchange hacked in January 2018 for more than $534 million USD in NEM tokens, Asahi Shimbun writes.
Previously, South Korean intelligence had pointed a finger at a prolific North Korean hacker group called Lazarus, though, according to Reuters, “… the National Intelligence Service did not present evidence that North Korean hackers were responsible for one of the largest cryptocurrency heists in history but flagged it as a possibility.”
Now, a “US-based expert” has reportedly told Asahi Shimbun:
“From the analysis of the virus, Eastern Europe and Russia may be related to the server criminal group.”
The Asahi report further details how the dizzying hack on Coincheck, the second worst in history after Mt Gox, was executed, stating that employee computers were infected via a “phishing” attack.
In a phishing attack, employees are enticed via email to unwittingly install malicious software on a workplace computer, often by clicking an infected link.
Once Coincheck’s systems were infected, Asahi writes, “… ‘keys’ that could manipulate virtual currency accounts were stolen…(and) infected PC(s) (were) taken over and operated remotely.”
Prior to the January 2018 hack, Coincheck was reportedly the most popular bitcoin exchange in Japan.
Crypto trading markets in Japan experienced a steady rise in activity after China began progressively banning the sector in late 2016.