Morning News: N Korea in Turkey Raid?, Coincheck Hack Explanation

Tim Alper

McAfee: North Korea Behind Attempted Turkey Crypto Raid
Coincheck Explains How its Wallets Were Hacked
Regulator Reveals Reasons for the Suspension of Two Japanese Exchanges

Catch up on the most essential cryptocurrency and blockchain news stories breaking in Asia and the Americas while the rest of the world was asleep.

McAfee: North Korea Behind Attempted Turkey Crypto Raid
Security firm McAfee says North Korean hackers were behind an attempted attack on Turkey’s financial industry and government organizations. McAfee says the hackers attempted to steal cryptocurrency funds, but were thwarted in their attempt, only managing to infect computers in the country. The attack, which exploited vulnerabilities in Adobe’s Flash program, allowed hackers to install malware on victims’ computers, and also involved directing users to a fake site whose domain name was almost identical to that of a legitimate cryptocurrency platform. The nature of the attack was similar to that used by North Korea in its 2014 attack on Sony Pictures, says McAfee. South Korean experts have claimed that the North regularly raids its exchanges and that its hackers are “currently active in India, Malaysia, New Zealand, Nepal, Kenya, Mozambique and Indonesia.”

Coincheck Explains How its Wallets Were Hacked
Coincheck, the Japanese exchange platform that suffered the world’s biggest-ever cryptocurrency heist in January, has revealed the attack was caused by malware spread by emails sent to its staff. Yusuke Otsuka, Coincheck’s COO, told reporters, “The emails were received by a number of our employees, infecting our PCs with malware. The code let the attackers access our network and servers, accessing all passcodes so they could illegally remit accounts using the NEM funds they found on one of our servers.” Otsuka was also asked whether the emails had been sent from Japan or overseas, but responded, “As I am under investigation at the moment, I am not at liberty to reveal this.”
The Nishi Nippon media outlet says that staff members received emails containing “sentences in English” that appeared to have come from the address of a trusted person, perhaps an employee, shortly before the hack. This has increased speculation as to where the attack originated from. The outlet says that staff members opened a URL link contained in the email, which may have allowed the virus to spread. The Tokyo Metropolitan Police Department says it is investigating the relationship between this email and the hack.
The company also says that it will begin compensating users whose funds were stolen in the attack next week, as it resumes operations. In order to prevent further security breaches, Coincheck says it has rebuilt its internal network, restructured its servers and replaced both its PCs and its cold wallets.

Regulator Reveals Reasons Behind the Suspension of Two Japanese Exchanges
Coincheck was also hit with a second business improvement order by Japan’s Financial Services Agency (FSA). The regulatory body handed out business improvement orders to six other exchange platforms – and dished out one-month suspensions to Bit Station and FSHO. The suspended exchanges are two of the 16 platforms that were established before the FSA last year began requiring new platforms to register with the regulator. The FSA has alleged that a Bit Station employee used a client’s cryptocurrency funds for “personal purposes.” The agency claims that FSHO, meanwhile, has taken insufficient steps to prevent money laundering, allowing transactions without adequate customer identity measures. The seven companies hit with improvement orders include Tech Bureau and GMO Coin, which both registered with the FSA last year. The companies have until March 22 to submit improvement reports or face possible suspension orders.