It turns out that the biggest crypto jacking scheme was conducted by Russian hackers and not the North Koreans that everybody has been talking about.
Recently, a Japanese media outlet reported that several cases have been linked to hackers based in the Russian Federation. The malware that was discovered on an exchange based in Tokyo had already appeared in Russia many years ago.
According to the media outlet, the first-ever large-scale use of the malicious software was against Coincheck, which lost more than half a billion dollars in NEM tokens in the hack.
This is considered to be even larger than the loss Mt. Gox experienced, but in this case investors at least know that it was indeed a hack and not gameplay by the company itself.
The malware that was emailed to employees of the exchange had deep Russian roots. The variants were Mokes and Netwire, which had been around in Russia since 2011 and 2007 respectively.
The malicious software gave the hackers remote access to every infected machine, which allowed them to get their hands on the NEM tokens in the first place.
In the beginning, the hack was believed to have come from North Korea; however, the malicious software is clearly of Russian design. The cybersecurity company that made the link between Coincheck and North Korea in October is also looking into this new development.
Experts from the United States are also saying that a link between Russia and Coincheck is highly likely.