According to a recent article by Bloomberg News, in late July, a programmer at Estonia’s CoinsPaid, a prominent crypto payment processor, was contacted by a recruiter on LinkedIn for a job opportunity. During a 40-minute video interview, the engineer was asked to download a file for a technical test on his work computer. Days later, CoinsPaid’s security team detected a series of unusual withdrawals, and by the time they intervened, $37.3 million in cryptocurrency had been drained.
The rapidity and methodology of the attack led both CoinsPaid and external investigators from Match Systems to suspect the involvement of Lazarus, a hacking group with ties to the North Korean government. Lazarus has a history of high-profile cyber-attacks, including the 2017 WannaCry ransomware attack and the 2014 Sony Pictures hack.
In a blog post dated July 26, 2023, CoinsPaid CEO Max Krupyshev stated that the company’s dedicated team of experts had worked tirelessly to fortify their systems, minimizing the impact and leaving Lazarus with a “record-low reward.” The company also initiated an investigation to track and mark stolen funds using various blockchain analytics tools. Companies like Crystal, Chainalysis, Match Systems, and others aided in the investigation. CoinsPaid emphasized that customer funds remained intact despite the attack. However, the platform’s availability and the company’s revenue were impacted.
The attack comes amid a surge in crypto-related thefts, which per Bloomberg’s report reached a record $3.8 billion in 2022. It also raises questions about Estonia’s role as a crypto hub, especially as U.S. authorities have sanctioned two of its largest crypto players. Estonian regulators have since reduced the number of licenses for crypto companies.