$37 million worth of Bitcoin stolen, so keep your wallet safe: can North Korea, the "LAN" country, really pull off private key attacks?

Of the nine hacking incidents traced back to the Lazarus Group in 2024, seven occurred through private key compromise.

The nature of one of the hacking incidents was not disclosed: the Atomic Wallet hack, which ultimately enabled them to steal the private keys of Atomic Wallet users.

While the leakage of private keys in other cases was acknowledged, the specific details were never fully disclosed, except for one case: the CoinsPaid hack.

Brute force attacks and supply chain attacks are techniques for obtaining private keys, but the tactics used in the CoinsPaid hack may more accurately represent the techniques used by the Lazarus Group in the other seven private key compromise cases.

Similar to the Ronin case, this private key attack was carried out with malware delivered through social engineering.

On July 22, 2023, the Lazarus Group stole $37 million from the Estonian crypto payment company CoinsPaid through LinkedIn.

According to CoinsPaid's post-incident report, the Lazarus group initially tried to break into their systems through conventional hacking methods starting in March 2023.

After several months of failure, they returned to their successful strategy: fake job offers.

They offered CoinsPaid employees attractive, high-paying jobs with salaries ranging from $16,000 to $24,000 per month, waiting for employees to take the bait.

An unwary employee fell for it and took part in a fake job interview, during which he was asked to download software to complete a technical task.

Unfortunately, he did not use his personal computer for the interview, but a computer with access to CoinsPaid's infrastructure.

The "software" was actually malicious code that, according to CoinsPaid, enabled the Lazarus Group to "remotely control computers to infiltrate and access CoinsPaid's internal systems."

After gaining access to CoinsPaid's infrastructure, they successfully opened a backdoor that "enabled them to create authorization requests to withdraw funds from CoinsPaid's hot wallet."

This is how the Lazarus Group stole $37 million.
