In late July, a programmer at Estonia’s CoinsPaid, the world’s biggest crypto payment provider, met over video link with a recruiter who had reached out on LinkedIn with a lucrative job offer. During the 40-minute job interview, the engineer was asked to download a file to take a technical test, which he did on his work computer.
A few days later, on July 22, the CoinsPaid security team noticed a series of unusual withdrawals — money was quickly being drained from company accounts. By the time they were able to shut everything down and kick out the hackers four-and-a-half hours later, CoinsPaid had lost $37 million, and both the origin of the stolen crypto and the addresses of the digital wallets that received it had been carefully obscured.
‘Enforcement 40’ for 2020
Join Us On LinkedIn
Join the Securities Litigation and Enforcement Group on LinkedIn