In a recent update, the prominent crypto payment platform in Estonia, CoinsPaid, accused the North Korean illicit group of compromising with the company system. The CoinsPaid team lamented that the Lazarus Group gained unauthorized access to the system and posted fake jobs.

In a blog post dated August 7, the CoinsPaid team stated that the bad players exploited a vulnerable system to heist over $37 million as of July 22.

Hackers Exploits CoinsPaid System

The report stated that the suspects tricked the job seekers into downloading suspicious software while undergoing the recruitment process. According to CoinsPaid, the hackers’ dubious scheme involved completing several stages of the recruitment process. 

At the technical assessment stage, the applicants were prompted to download software redirecting them to complete the online recruitment tests. In the primary phase of the online application, the job seekers confessed that they were forced to download malicious code to proceed with the subsequent hiring process.

After downloading the code, the CoinsPaid team lamented that the unscrupulous players gained access to applicants’ data. Later the hackers leveraged their vast technical experience to enable the applicants to access CoinsPaid data and system.

The troubled crypto payment platform also admitted that the hackers weakened the system’s vulnerability to gain complete access to CoinsPaid infrastructure. The hackers proceeded with the suspicious scheme to create a backdoor on the CoinsPaid platform.

CoinsPaid Seeks to Restore Stolen Funds

Besides gaining unauthorized access, the hackers leveraged their expertise to familiarize themselves with the CoinsPaid system. From understanding the fundamental concepts and operations of CoinsPaid, the hackers launched legitimate requests on the interaction interface with the blockchain network. Subsequently, the hackers withdrew a measurable amount of company assets locked in the operational storage vault.

The unexpected withdrawal of huge funds compelled the CoinsPaid team to invest in probing the matter. The CoinsPaid team entered into a partnership agreement with Match System to restore the stolen assets.

In a July 26 post-mortem report, the probing team observed that the exploit was undertaken by the world’s most powerful cybercrime organization Lazarus Group. The CoinsPaid report demonstrated that the hackers had made several attempts to exploit the weak protocols in March.

The failed attempts challenged the Lazarus Group to up its game and leverage its social engineering expertise to target the employees instead of the crypto payment company.In addition, CoinsPaid and Match System observed that a significant amount of the stolen funds were transferred through SwftSwap.  

The said transfers were wired in USDT to Ethereum, Bitcoin, and Avalanche networks. Also, the lost asset was transferred to Atomic Wallets, according to CoinsPaid statement.

Even though the CoinsPaid team has not managed to restore the stolen funds, the probing team has implemented operational measures to block and freeze the funds. The CoinsPaid team has also informed other exchanges on the matter. The crypto payment platform in distress has obtained the hacker’s addresses to trace any suspicious transactions.