North Korea’s infamous Lazarus hacking group has been linked to two new attacks on cryptocurrency firms which led to the theft of nearly $100m in virtual currency.
Tallinn-headquartered payments gateway CoinsPaid said in an update this week that $37.3m was stolen from the firm.
“We believe Lazarus expected the attack on CoinsPaid to be much more successful,” it added.
“In response to the attack, the company’s dedicated team of experts has worked tirelessly to fortify our systems and minimise the impact, leaving Lazarus with a record-low reward. Indeed, our security measures and procedures allowed CoinsPaid to prevent higher loss of funds.”
Read more on Lazarus: Ronin Crypto Heist of $618m Traced to North Korea
The firm claimed that despite the multimillion-dollar loss, customer funds remained intact, although it admitted that the platform’s availability had suffered.
“After the partial downtime, our services are getting up and running one by one in the new secured environment. We expect it to take a few more days to sort out minor details and ensure the system works smoothly,” said CEO, Max Krupyshev.
CoinsPaid did not explain its reasoning behind attributing the attack to Lazarus, but did reveal that it acted quickly to track the movement of the stolen crypto using various blockchain analytics tools.
In related news, Lazarus was linked to an even bigger raid on crypto payments provider Alphapo last Sunday.
Blockchain expert @ZachXBT explained on Twitter that Alphapo hot wallets had initially been drained of $23m in Ethereum, Tron and Bitcoin. However, he updated that original estimate days later, revealing that an additional $37m in Tron and Bitcoin was found missing, bringing the total to $60m.
“This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain,” he added.