North Korea has a pot? New research shows that the theft of Coincheck is actually done by Russian hackers.

According to the Asahi Shimbun report today, the personal computer of the Coincheck employee of the Japanese crypto exchange was found to be infected with a virus related to Russian hacking organizations.

In January 2018, Coincheck suffered a hacker attack. The $534 million NEM (new currency) was stolen and the stolen amount was the highest in the history of cryptocurrency.

Earlier reports said that this high-profile attack was initiated by North Korean-related attackers, but the latest research raises questions about this claim.

• Bitcoin Weekly | Bitcoin chain data continues to be active, can it break through $10,000?
• Bakkt will conduct bitcoin futures trading test in July, and Bitcoin's overall network computing power hit a record high
• Compare Finality and Liveness of various consensus algorithms

Experts are currently considering that the crime may have been caused by "a group of unknown hackers."

In a recent survey of Coincheck employees' personal computers, researchers discovered the "Mokes" and "Netwire" viruses. These computers may install and spread the virus in the form of emails, giving them the opportunity to gain unauthorized access to the exchange's private key.

Given that both known viruses have been used by Russian hackers before, an American expert told the media:

"After the analysis of the virus, Eastern Europe and Russia may be related to the criminal group."

According to reports, both viruses allow hackers to take control of infected computers and perform remote operations. In June 2011, Morks was first promoted at a forum in Russia, and it is reported that cybersecurity investigators have known Netwire for 12 years.

Prior to this, several security companies believed that the theft of Coincheck was related to North Korean hackers. Due to sanctions imposed by Western countries, North Korea is considered to conduct normal economic activities through illegal acquisition of cryptocurrencies.

For example, this spring, a South Korean cybersecurity company claimed that North Korean hackers were behind the scenes of phishing scams for UpBit users on the Korean cryptocurrency exchange.

In a report last February, the South Korean National Intelligence Agency said phishing scams and other means have brought tens of billions of won to North Korea. The North Korean authorities are also alleged to be investigating whether the country is behind the scenes of the Coincheck attack.

However, it seems that North Korea has been on the back of Coincheck’s theft.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!