CoinsPaid Fingers North Korea’s Lazarus Group Behind $37.3…
There seems to be no shortage of illicit activities the notorious Lazarus Group is involved in. According to CoinsPaid, the hacking group stole over $37 million by hacking its platform.
No Beating Around the Bush
While it is the norm for companies to be coy about who they suspect when hacks occur, CoinsPaid is pointing fingers already, and the culprit is no novelty to crypto denizens.
According to a July 26th blog post, CoinsPaid categorically named North Korea-backed Lazarus Group as its main suspect behind a crypto heist.
According to the company’s statement, the cyberattack led to a loss of $37.3 million on July 22nd.
CoinsPaid, a crypto payment gateway, also reeled out a list of tech and crypto businesses that have been victims of the hacking group in the past.
📢 #LazarusGroup suspected by CoinsPaid of 37M $USD hack @coinspaid is once again processing transactions after halting service in response to an attack on July 22. The company said it suspects North Korea's Lazarus Group orchestrated the attack.
"We believe #Lazarus expected… pic.twitter.com/OXrC0Noque
— KentDefi 🌟 Kols Network (@KentDefi) July 27, 2023
Lazarus Group is a team of black hat hackers believed to be working for the North Korean government.
The cyber criminal team has pulled off some daring hacks, especially the Ronin blockchain heist of 2022, which saw $625 million shaved off from the Axie Infinity crypto project.
The hacking team has continued this year with an Atomic Wallet hack worth $100 million, following a Horizon Bridge hack of the same amount.
Nonetheless, the anonymous hackers have not limited their attacks to blockchain-focused operations but have also targeted many notable tech companies and businesses. Sony, for instance, lost $81 million to this sort of attack.
CoinsPaid noted that the Lazarus Group would have made off with more of its funds if not for the timely intervention of its team of cybersecurity experts.
Given this, the company has ensured that users’ funds are safe and has further beefed up its internal security systems to forestall a repeat occurrence.
The crypto payment service said it has resumed processing transactions in limited quantities as it picks up the pieces.
Giving a timeframe before everything returns to normal, CEO Max Krupyshev noted that it might take a couple of days to sort out minor details and ensure the system runs smoothly.
Meanwhile, CoinsPaid has stated that it is not sitting idly following the incident. Instead, it is working closely with several blockchain security firms, including Chainalysis, Valkyrie Investments, Match Systems, Binance, and several others, to track and mark the stolen funds.
In this regard, CoinsPaid has taken a step further by filing an official report with the Estonian law enforcement agency to ensure the culprits are brought to book.
Lazarus Group on Rampage
The infamous hacking group has been one of the most active in the industry. According to a tweet by blockchain security firm SlowMist, Lazarus Group also hit another blockchain project called Alphapo for a reported $60 million.
The correlations drawn by SlowMist suggest that the hacking group targeted CoinsPaid, Atomic Wallet, and Alphapo at the same time.
🚩MistTrack Update🚩
Recently, the crypto community has been stirred by a sequence of incidents involving @coinspaid, @AtomicWallet, and Alphapo.
A veneer of mystery shrouds these incidents, yet there's a possibility that Lazarus might be behind them all! pic.twitter.com/ppxRk3xtUh
— MistTrack🕵️ (@MistTrack_io) July 26, 2023
Continued investigations by security experts and enthusiasts are beginning to map out the group’s trail of blood. According to a tweet by Feross, the founder and CEO of Socket Security, Lazarus Group is creating sophisticated social engineering campaigns that target JavaScript developers.
🚨 ALERT: The Lazarus Group (aka North Korea) is behind a sophisticated social engineering campaign targeting JavaScript developers. They're using compromised GitHub accounts and malware-laden NPM packages to achieve their malicious objectives.
👀 Click to read more pic.twitter.com/aheUQIoqPc
— Feross (@feross) July 25, 2023
Providing more insight, Feross stated that the hacking team reached its targets via GitHub, LinkedIn, and Telegram and built rapport with them.
Once trust is obtained, the group asks the target to make copies of malware-infused repositories on GitHub.
The malicious code will then connect to remote servers, download additional scripts to run, and further compromise the infected devices.
After this, the hackers take vital information and funds from the platform without the target ever suspecting what is happening.
We are excited to announce the partnership with @dappOS_com, one of the emerging web3 operating protocols! https://t.co/7svJuIuNvB
— OKX Ventures (@OKX_Ventures) July 27, 2023
This growing menace has driven companies like OKX Ventures and DappOS to join forces in further securing their platforms.