It might just be time for us to stop pointing fingers at North Korean hackers for the major hacks in the crypto world. Looks like there is a new culprit in town.
Japanese newspaper Asahi Shimbun reported on Monday that Russian hackers might be behind the breach that Coincheck suffered in January 2018. In that breach, approximately 500 million NEM tokens were lost, and it has been deemed the biggest crypto theft in history.
Their accusations are based on some solid findings. The report states that virus variants known to be linked to Russian hackers have been discovered on employee computers at the Tokyo-based Coincheck exchange. The tokens that were lost amounted to around $530 million at the time, which even surpasses the losses reported by Mt. Gox.
Earlier, a North Korean group of hackers was blamed for this hack, but the claim was not concretely substantiated with evidence. At the time, South Korea was investigating North Korea’s involvement in this hack. South Korea’s National Intelligence Service (NIS) reported last February that phishing scams and other methods had yielded tens of billions of won in customer funds.
However, the recently discovered evidence paints another picture. It shows that employees had received malware by email, including types called Mokes and Netwire, which allow hackers to access victims’ machines and operate them remotely. The interesting thing here is that Mokes allegedly first appeared on a Russian bulletin board in 2011, while Netwire has been around for 12 years.
The final investigation was carried out by a U.S. cybersecurity expert who told the Asahi Shimbun that Russian or Eastern European hackers may be linked to the Coincheck attack.
While the evidence might be there, America’s involvement in the investigation and the resulting conclusion seem too convenient and might raise some eyebrows.