Coincheck NEM hack – New sources link to Russian hackers
Recent investigations have led experts to think that one of the greatest heists in history – the theft of around US$534 million worth of New Economy Movement (NEM) coins – might be linked to Russian hackers rather than the North Korean ones previously suspected.
Let’s step back in history, though. On January 25 of last year, at 2:57 a.m. local time in Tokyo, a huge amount of NEM was stolen in an attack aimed at the Japanese cryptocurrency exchange Coincheck.
Since cryptocurrency transactions are publicly visible on the blockchain, it is easy to see where the funds go. The problem is that no one knows who owns the 11 addresses identified by Coincheck in which all the stolen coins are held. They are simply labelled “coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker.”
Via services like ShapeShift, which do not require any personal data to trade cryptocurrencies, and by exchanging the NEM for more anonymised currencies such as Monero, it would be easy for the hackers to cash out.
Following the investigations, Coincheck had to face some extremely embarrassing details about its security arrangements.
First, it stored all the coins in a single hot wallet, meaning that the entire deposit was connected to the Internet. It is of vital importance for a crypto exchange to keep part of the deposited coins in a cold, offline wallet, so that an attack cannot succeed on such a scale.
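To make the hot/cold split concrete, here is an added example (not Coincheck's code): funds above a configurable hot-wallet cap are swept offline, routine withdrawals draw only on hot funds, and a simulated theft of the hot-wallet key shows the loss bounded by the cap rather than the whole deposit. The class and function names, the cap ratio and the offline-approval flag are all assumptions made for the illustration.

```python
from dataclasses import dataclass

class ColdApprovalRequired(Exception):
    """Raised when a withdrawal needs coins that are not online."""

@dataclass
class Custody:
    """Hypothetical exchange custody model (added example, not Coincheck's code).
    Funds above hot_cap_ratio of the total are swept to an offline cold wallet."""
    hot_cap_ratio: float  # fraction of all funds allowed in the hot wallet
    hot: float = 0.0
    cold: float = 0.0

    @property
    def total(self) -> float:
        return self.hot + self.cold

    def deposit(self, amount: float) -> None:
        self.hot += amount
        self._sweep_to_cold()

    def _sweep_to_cold(self) -> None:
        # Move the excess above the cap offline, so a hot-key compromise
        # can only ever reach the capped share of customer funds.
        excess = self.hot - self.hot_cap_ratio * self.total
        if excess > 0:
            self.hot -= excess
            self.cold += excess

    def withdraw(self, amount: float, cold_approval: bool = False) -> None:
        # Routine withdrawals are paid from hot funds only; touching cold
        # storage needs an explicit offline signing step (modelled as a flag).
        if amount > self.total:
            raise ValueError("insufficient funds")
        if amount > self.hot and not cold_approval:
            raise ColdApprovalRequired(f"{amount} exceeds hot balance {self.hot}")
        from_hot = min(amount, self.hot)
        self.hot -= from_hot
        self.cold -= amount - from_hot

    def hot_key_compromise(self) -> float:
        # An attacker holding only the hot key drains everything online.
        lost, self.hot = self.hot, 0.0
        return lost

def loss_if_hot_key_stolen(deposits: float, hot_cap_ratio: float) -> float:
    """Worst-case loss from a hot-wallet key compromise under a given cap."""
    c = Custody(hot_cap_ratio)
    c.deposit(deposits)
    return c.hot_key_compromise()
```

With a ratio of 1.0 (everything online, as described above) the whole US$534 million figure is lost; with a 5% cap the same compromise reaches only the capped share.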
Second, the fact that Coincheck was not registered with Japan's Financial Services Agency (FSA) also surfaced during the press conference held in the aftermath of the attack. Coincheck then pledged to register with the FSA and to improve its security systems.
At first, Japan and the international community turned to North Korea to find a guilty party to blame for the attack. After all, North Korea has made a name for itself in hacking and virtual robbery in recent years.
However, new sources could point to a different trail. The Japanese newspaper Asahi Shimbun reported that two pieces of malware, “Mokes” and “Netwire”, were found on employees' personal computers, probably delivered via email, with the employees unknowingly installing them on their devices.
A United States expert then added that such malware has frequently been linked to Eastern Europe, and mainly to Russia.
Mokes was first advertised on a Russian forum in 2011, and Netwire is a very well-known piece of malware in the cybersecurity field. Both grant remote access to, and control of, the infected device.
Moreover, although Russia's official policy is sceptical of cryptocurrency, while at the same time keen to explore other blockchain-based technologies, the country is also famous as the motherland of many proficient hackers and tech-savvy people who do not think twice before seizing the chance of a good heist.
Investigations are still under way, although recovering the stolen coins themselves is an impossible prospect.