The CoinsPaid Hack Explained: We Know Exactly How Attackers Stole and Laundered $37M USD – lessons learned

COINSPAID.com [CP] investigated the hacker attack of July 22nd, 2023, resulting in the theft of 37.3M USD. In collaboration with Match Systems, a top cybersecurity firm, CP traces the perpetrators' steps minute by minute and identifies the services and platforms used to launder the funds. Based on CP's internal investigation, they have reasons to suspect that the top-tier hacker group Lazarus may be behind the attack on CoinsPaid. The hackers employed the same tactics and money laundering schemes that Lazarus had used in the recent Atomic Wallet heist.

Billed as the "top cyber threat groups around the globe in today's time" by the media, the Lazarus Group is responsible for hacking campaigns worldwide. Although the number of members and their names have not been identified conclusively, this cybercrime organisation is linked to the North Korean government.

• From 2009-2013, "Operation Troy", the first significant attack attributed to Lazarus, targeted government websites in the United States and South Korea.
• In 2014, Lazarus saw global recognition for its Sony Pictures hack: the perpetrators released the company's confidential documents, including information about employees, their work contracts and even their family members.
• In 2017, Lazarus struck again: the WannaCry ransomware attack was a worldwide cyberattack in May 2017, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom in Bitcoin. The hack lasted 4 days and resulted in infecting 300,000+ computers worldwide.

Lessons Learned from the Hack

1. This unfortunate incident provided some valuable experiences and insights for CoinsPaid that can help decrease both the number of hacking incidents in the crypto market and their scale of impact on the industry.
2. Here is the list of practical tips that security experts have compiled that other cryptocurrency providers can implement to boost hacker protection significantly.
   • Do not ignore cybersecurity incidents, i.e. attempts to break into your company's infrastructure, social engineering, phishing, etc. This may be a sign of hackers preparing for a major attack.
   • Explain to your employees how perpetrators use fake job offers, bribing, and even ask for harmless tech advice to access the company's infrastructure.
   • Implement security practices for privileged users.
   • Implement the principles of Separation of Duties and Least Privilege.
   • Ensure the protection of employees' workstations.
   • Keep infrastructure components up to date.
   • Segment networks and implement authentication and encryption between infrastructure components.
   • Create a separate security log store to upload all relevant events.
   • Set up a monitoring and alerting system for all suspicious activity in your infrastructure and applications.
   • Create an honest violator model and take measures adequate to the threats and risks that your business bears.
   • Please keep track of operating balances and monitor their unusual movement and behaviour.
   • Reduce the funds available for the company's operation to the necessary minimum.