Coindesk Logo

Russian Hackers May Have Carried Out Largest Ever Crypto Exchange Theft

Russian Hackers May Have Carried Out Largest Ever Crypto Exchange Theft

Russian Hackers May Have Carried Out Largest Ever Crypto Exchange Theft

Russian hackers, not North Korean, may be the bad actors behind probably the biggest ever theft from a cryptocurrency exchange.

Russian hackers, not North Korean, may be the bad actors behind probably the biggest ever theft from a cryptocurrency exchange.

Russian hackers, not North Korean, may be the bad actors behind probably the biggest ever theft from a cryptocurrency exchange.

AccessTimeIconJun 17, 2019, 11:40 AM
Updated Aug 18, 2021, 1:09 PM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Russian hackers, not North Korean, may be the bad actors behind probably the biggest ever theft from a cryptocurrency exchange.

Japanese newspaper Asahi Shimbun reports Monday that virus variants known to be linked to Russian hackers have been found on employee computers at the Tokyo-based Coincheck exchange.

Coincheck suffered a breach in January 2018 that resulted in the loss of 500 million NEM tokens worth around $530 million at the time – an amount even bigger than that lost by Mt. Gox.

According to the report, the malware found at the exchange had been emailed to employees and included types called Mokes and Netwire, which allow malicious distributors to gain access to victims' machines and operate them remotely. Mokes apparently first appeared on a Russian bulletin board in 2011, while Netwire has been around for 12 years.

The Coincheck hack has previously been linked with North Korea. In a report last February, South Korea's National Intelligence Service (NIS) said that phishing scams and other methods had yielded tens of billions of won in customer funds. The country's authorities were said at the same time to be probing whether North Korea was behind the Coincheck attack.

Cybersecuirty firm Group-IB also made the link between the allegedly North Korean state-sponsored hacking team and Coincheck in an October report.

Based on an analysis of the viruses, a U.S. cybersecurity expert told the Ashahi Shimbun that Russian or Eastern European hackers may be linked to the Coincheck attack.

Hacker image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.