Russian Hackers May Have Carried Out Largest Ever Crypto Exchange Theft
Russian hackers, not North Korean, may be the bad actors behind probably the biggest ever theft from a cryptocurrency exchange.

Japanese newspaper Asahi Shimbun reports Monday that virus variants known to be linked to Russian hackers have been found on employee computers at the Tokyo-based Coincheck exchange.
Coincheck suffered a breach in January 2018 that resulted in the loss of 500 million NEM tokens worth around $530 million at the time – an amount even bigger than that lost by Mt. Gox.
According to the report, the malware found at the exchange had been emailed to employees and included types called Mokes and Netwire, which allow malicious distributors to gain access to victims' machines and operate them remotely. Mokes apparently first appeared on a Russian bulletin board in 2011, while Netwire has been around for 12 years.
The Coincheck hack has previously been linked with North Korea. In a report last February, South Korea's National Intelligence Service (NIS) said that phishing scams and other methods had yielded tens of billions of won in customer funds. The country's authorities were said at the same time to be probing whether North Korea was behind the Coincheck attack.
Cybersecurity firm Group-IB also made the link between the allegedly North Korean state-sponsored hacking team and Coincheck in an October report.
Based on an analysis of the viruses, a U.S. cybersecurity expert told the Asahi Shimbun that Russian or Eastern European hackers may be linked to the Coincheck attack.










