Crypto Heist: Lazarus Group Allegedly Stole $37M From CoinsPaid

Overview of the Cyberattack

On July 30, 2023, Estonia-based crypto payment processor CoinsPaid, controlled by Austrian national Alexander Horst Riedinger and his Ukrainian partner Max Krupyshev, reported a significant cyberattack. Approximately $37 million in cryptocurrency was stolen, with the North Korean Lazarus Group suspected to be behind the attack. The company responded by suspending automatic transactions and migrating its systems to a new, more secure infrastructure.

Details of the CoinsPaid Cyberattack

The attack involved advanced tactics, including:

• Social Engineering: Targeted personnel were subjected to manipulative techniques.
• Bribery Attempts: Aggressive efforts to compromise critical employees.
• Application Exploitation: A vulnerable internet-accessible application, not directly involved in service provision, was exploited.

Impact on CoinsPaid Operations:

1. Compromised Infrastructure:
   • Transaction data was manipulated.
   • Systems were temporarily disrupted.
2. Rapid Recovery:
   • Vulnerabilities were promptly addressed.
   • Full restoration of transaction processing was achieved.
3. Client Assurance:
   • CoinsPaid assured customers that their funds remained secure and unaffected by the incident.

Revenue Impact and Future Steps

CoinsPaid acknowledged potential revenue impacts resulting from the cyberattack. However, swift detection and remediation measures minimized further losses. The company is taking additional steps to fortify its security systems against future threats.

The Lazarus Group: A Profile

The Lazarus Group, believed to operate on behalf of the North Korean government, has been linked to numerous high-profile cryptocurrency thefts.

Notable Attacks Attributed to Lazarus:

1. Horizon Bridge Heist (2023):
   • $100 million stolen.
2. Atomic Wallet Hack (2023):
   • $35 million in cryptocurrency stolen.
3. Alphapo Heist (2023):
   • $23 million stolen from the payment processor.

Historical Data:

Between 2010 and 2021, researchers attributed various cyberattacks to the Lazarus Group. These attacks targeted financial institutions, cryptocurrency platforms, and government systems.

Legal Actions Against Lazarus Group

1. US Indictments (2021):
   • The Department of Justice charged three individuals from North Korea’s Reconnaissance General Bureau:
     • Park Jin Hyok (previously indicted in 2018)
     • Jon Chang Hyok
     • Kim Il
2. These individuals remain outside US custody.
3. OFAC Sanctions (2022):
   • On April 14, 2022, the US Treasury’s Office of Foreign Assets Control (OFAC) placed the Lazarus Group on the SDN List under North Korea Sanctions Regulations section 510.214.

CoinsPaid Recovery Highlights

Aspect	Details
Amount Stolen	$37 million
Suspected Group	Lazarus Group (North Korea)
Recovery Actions	Suspension of transactions, migration to new infrastructure
Customer Funds	Unaffected and fully secure

Call for Information

If you have any information about CoinsPaid, the Lazarus Group, or related activities, please share it through our whistleblower platform, Whistle42. Your insights are vital to understanding and mitigating cyber threats in the cryptocurrency industry.