- BitMEX stopped a Lazarus Group phishing attack using LinkedIn and malicious code.
- Lazarus Group linked to $1.34 billion crypto thefts in 2024, fueling North Korea’s programs.
- Lazarus combines simple phishing tactics with advanced strategies to target crypto firms globally.
BitMEX announced that it stopped a phishing attack launched by the Lazarus Group, which North Korea reportedly backs. The crypto exchange shared the incident on May 30, showing how its security department had halted the threat before it could cause any damage. BitMEX stated that the attackers used social engineering tactics, reaching out to an employee through LinkedIn with a proposal for a Web3 NFT collaboration.
The interaction is pretty much known if you are familiar with Lazarus’ tactics,” BitMEX “The interaction is pretty much known if you are familiar with Lazarus’ tactics,” BitMEX wrote in its blog post, highlighting the recurring nature of these phishing strategies.
Lazarus Group: Patterns in Crypto Attacks
The Lazarus Group remains one of the most significant threats to the cryptocurrency community. It initiates its attacks primarily through simple phishing methods. BitMEX said that social engineering is often the initial step, and if successful, the attackers will try more complex techniques. This pattern has also appeared in several other incidents, including hacks at Bybit, Stake, and CoinEx.
Cybersecurity researchers identified that the group has recently infected multiple JavaScript npm packages to install backdoors and steal credentials. In one instance, an operational security error revealed a linked IP address located in Jiaxing, China. These incidents demonstrate how the group effectively combines basic and advanced techniques across various campaigns.
Recent reports from Kraken and blockchain researchers, including Arkham Intelligence and ZachXBT, have linked the Lazarus Group to numerous large-scale thefts. Initially, attacks often involve phishing emails or false job opportunities, but they later evolve into more advanced tactics, such as interfering with cloud systems or modifying smart contracts. The techniques they use may be complicated, yet many of them actually start by targeting user mistakes.
Crypto Theft and International Security Concerns
According to international agencies and blockchain firms, North Korean actors stole $1.34 billion in cryptocurrency in 2024, which equals more than 60% of the sector’s total losses. According to reports, money from stolen cryptocurrencies apparently helps develop North Korea’s weapons programs, with some experts suggesting that stolen cryptocurrencies fund up to half of the regime’s missile projects.
Security experts, such as Snir Levi, CEO of Nominis, warn that the growing awareness of Lazarus’ tactics has not reduced their effectiveness. “The Lazarus Group uses multiple techniques to steal cryptocurrencies,” Levi stated, emphasizing that they continue to defraud individuals and companies daily.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
