New findings on Coincheck, a Japan-based cryptocurrency exchange that was hacked in January 2018, reveal that employees’ computers were infected with viruses that enabled the security breach. The viruses are allegedly associated with a Russian hacker group, according to a report on June 17, 2019.
Per the report, another investigation into the 2018 Coincheck hack found that viruses were used to hijack the computers of the exchange’s workers. At the time, $534 million worth of NEM tokens were stolen, and the hack was believed to be the handiwork of cybercrime actors in North Korea.
However, the type of viruses used to facilitate the crime says otherwise. The viruses are Mokes and Netwire, which are allegedly associated with an unknown Russian hacker group. They were distributed by email to employees’ personal computers, which enabled the attackers to gain remote control of the computers and access to Coincheck’s private keys.
A Russian group was linked to the crime because similar viruses of this nature were also used in another hack. According to a United States expert, “From the analysis of the virus, Eastern Europe and Russia may be related to the server criminal group of the base.” Mokes, for instance, was first promoted on a Russian forum in June 2011, while Netwire has been known to cybersecurity experts for 12 years now.
A virus-assisted hack of this nature is similar to that of Binance, a Malta-based cryptocurrency exchange that was hacked in April this year. Through the use of phishing and viruses, the hackers were able to make off with 7,000 bitcoins valued at around $40 million.