UPDATED 23:25 EDT / JUNE 17 2019

SECURITY

Russians blamed for $530M hack of Japanese cryptocurrency exchange Coincheck

Russian hackers are now believed to be behind the hacking and theft of around $530 million in cryptocurrency from Japanese exchange Coincheck in January 2018, Japanese media reported Monday.

The hack, the largest single successful theft of cryptocurrency of all time, even beating the better-known hack of Mt. Gox, was originally believed to have undertaken by North Korean hackers.

The report said the Russia link comes via malware called Smokebot that was previously offered by a Russian hacking group. According to security firm Check Point Software Technologies Ltd., Smokebot is a “backdoor bot agent” that targets the Windows platform. The malware is said to contact a remote server periodically and accept commands that would allow an attacker to perform information stealing, distributed denial-of-service attacks, downloading of malicious files and other actions.

The alleged link may be spurious, however, as the Russian link appears to be nothing more than evidence that Smokebot was offered for sale in 2011 on a Russian-language forum. There’s also some suggestion that the hack could be related to Eastern Europe, but the Russian angle is seemingly based on Cyrillic script appearing in the malware code.

While costly, some good did come from the hack with Japanese cryptocurrency exchanges coming together to form a self-regulating body to oversee crypto markets in February 2018. The Japanese government officially gave the self-regulatory body legal status in October.

Attacks on cryptocurrencies and their enabling exchanges are especially troubling for systems such as currencies, which rely heavily on trust, Francis Gaffney, director of threat intelligence at email security firm Mimecast Services Ltd., told SiliconANGLE.

“We see these crypto-based attacks begin with sophisticated phishing campaigns and malware droppers,” he said. “From there, threat actors study their victims to identify their credentials and capture their sensitive information. And no longer are these attacks strapped to remote locations, as incidents involving mobile devices are on the rise.”

To defend against them, he added, “organizations must implement good cyber hygiene and robust cyber resilience across all platforms.”

Photo: The Kremlin

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU