It appears that Russian hackers, or hackers from Eastern Europe, might be behind the January 2018 Coincheck hack which to date is still one of the biggest ever thefts from a cryptocurrency exchange, according to Japanese newspaper Asahi Shimbun.
Although authorities have long suspected that North Korea was behind the 2018 hack, the news outlet reported this Monday that virus variants, which are known to be linked to Russian hackers, have been discovered on computers of Coincheck employees.
As Finance Magnates reported, at the beginning of 2018, Coincheck suffered a breach which saw 500 million NEM tokens stolen from the Tokyo-based exchange, which was worth around $530 million at the time.
Coincheck users were first alerted to the hack after the exchange suspended all withdrawals. The abrupt decision was taken after a Ripple payment worth $123 million (101,265,057 XRP) departed its wallet in tandem with other unconfirmed and sizable withdrawals.
Digitex Futures Partners with ChainlinkGo to article >>
Initially, hackers from North Korea were suspected. However, the report today, which cites several unnamed sources, states that the malware found at the exchange had been emailed to employees. It included malware called Mokes and Netwire, which allows hackers to take over and operate the infected computer remotely.
According to the report, Mokes were first marketed in Russia via a bulletin board in June of 2011 and is believed to be used among Russian hackers. Netwire, on the other hand, has been around for 12 years.
After doing an analysis of the virus, a United States cybersecurity expert told Asahi Shimbun that hackers from Russia or Eastern Europe might be linked to the 2018 Coincheck attack.
Monex Offers Coincheck a Second Chance
Following the theft, Coincheck was acquired by Monex Group for $33.2 million (360 million yen), a figure that offers a glimpse into the value of cryptocurrency exchanges. Since the acquisition, Coincheck has now resumed complete operations.