North Korea's hacker group Lazarus "raked in" $300 million in 100 days and targeted centralized institutions
Original author: Elliptic
Original text compiled by: Babywhale, Foresight News
The North Korean hacker group Lazarus seems to have stepped up its operations recently. It has confirmed four attacks against cryptocurrency companies since June 3, and the recent attack on the cryptocurrency exchange CoinEx is likely to have been carried out by Lazarus. In response, CoinEx issued multiple tweets stating that suspicious wallet addresses are still being identified, so the total value of the stolen funds is not yet clear, but it may have reached $54 million.
Over the past 100 days, Lazarus has been confirmed to have stolen nearly $240 million worth of cryptoassets from Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million), and Stake.com ($41 million).
As shown above, Elliptic's analysis found that some of the funds stolen from CoinEx were sent to the address used by the Lazarus group to store funds stolen from Stake.com, albeit on a different blockchain. The funds were then bridged to Ethereum via a cross-chain bridge previously used by Lazarus, and then sent back to an address known to be controlled by the CoinEx hackers. Elliptic has observed this kind of mixing of funds from different hacks in earlier Lazarus incidents, most recently when funds stolen from Stake.com were mixed with funds stolen from Atomic Wallet. These instances of funds from different hacks being combined are shown in orange in the image below.
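The attribution step described above (funds from two separate thefts meeting at one address, then moving on through a bridge) is what blockchain analytics tooling looks for when linking incidents to a single actor. The following added example is not Elliptic's code; it propagates an incident label forward from each victim's drained address through a constructed transfer graph and reports every address where labels from different incidents meet, plus the first address at which the mixing occurs. Node names of the form `chain:address`, the transfer list and the incident labels are all constructed for the illustration; a bridge is modelled simply as an edge whose endpoints sit on different chains.

```python
"""Flag addresses where funds attributed to different theft incidents are
combined, by propagating incident labels forward through a transfer graph.
Added example with constructed data, not real on-chain records."""
from collections import defaultdict, deque

# Constructed transfers: (source_node, destination_node, amount_usd).
# Nodes are "chain:address", so the same address string on two chains is
# treated as two nodes. A cross-chain bridge is represented as an edge from
# the deposit side on one chain to the recipient on the destination chain.
SAMPLE_TRANSFERS = [
    # Incident A: funds leave a victim hot wallet
    ("tron:victim_a_hot", "tron:thief_a", 5_000_000),
    ("tron:thief_a", "tron:shared_store", 4_900_000),
    # Incident B: a different victim, routed into the same storage address
    ("tron:victim_b_hot", "tron:thief_b", 2_000_000),
    ("tron:thief_b", "tron:shared_store", 1_950_000),
    # Combined funds are bridged to Ethereum and cashed out
    ("tron:shared_store", "eth:bridge_out", 6_800_000),
    ("eth:bridge_out", "eth:cashout", 6_750_000),
    # Unrelated activity that must not be flagged
    ("eth:exchange_user", "eth:merchant", 1_200),
]

# Seed addresses (the victims' drained wallets) labelled by incident.
SEEDS = {"tron:victim_a_hot": "IncidentA", "tron:victim_b_hot": "IncidentB"}


def propagate_taint(transfers, seeds, max_hops=6):
    """Breadth-first forward propagation: every node reachable from a seed
    within max_hops inherits that seed's incident label. Returns a mapping
    node -> set of incident labels (nodes with no label are omitted)."""
    out_edges = defaultdict(list)
    for src, dst, _amount in transfers:
        out_edges[src].append(dst)

    taint = defaultdict(set)
    for seed, label in seeds.items():
        taint[seed].add(label)
        queue = deque([(seed, 0)])
        seen = {seed}
        while queue:
            node, depth = queue.popleft()
            if depth == max_hops:
                continue  # hop budget exhausted for this branch
            for nxt in out_edges[node]:
                taint[nxt].add(label)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, depth + 1))
    return dict(taint)


def find_commingling(taint):
    """Nodes that carry labels from more than one incident."""
    return {node: sorted(labels) for node, labels in taint.items() if len(labels) > 1}


def mixing_entry_points(transfers, taint):
    """Commingled nodes none of whose senders are themselves commingled:
    the first addresses at which funds from different incidents meet."""
    in_edges = defaultdict(set)
    for src, dst, _amount in transfers:
        in_edges[dst].add(src)
    mixed = find_commingling(taint)
    return sorted(n for n in mixed if not any(p in mixed for p in in_edges[n]))


if __name__ == "__main__":
    labels = propagate_taint(SAMPLE_TRANSFERS, SEEDS)
    for node, incidents in find_commingling(labels).items():
        print(f"{node}: funds from {', '.join(incidents)}")
    print("first mixing point(s):", mixing_entry_points(SAMPLE_TRANSFERS, labels))
```

In the constructed data the entry point is `tron:shared_store`; the bridge-side and cash-out addresses downstream of it are also flagged, which is the pattern the paragraph describes. Real investigations weight the hop limit and amounts rather than treating any path as equally suspicious, since a single hop into an exchange deposit address would otherwise taint every later withdrawal.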
Five attacks in over 100 days
In 2022, several high-profile hacks were attributed to Lazarus, including the attack on Harmony's Horizon Bridge and the attack on Axie Infinity's Ronin Bridge, both of which occurred in the first half of last year. From then until June of this year, no major cryptocurrency thefts were publicly attributed to Lazarus. The series of attacks over the past 100 days or so therefore indicates that the North Korean hacker group has become active again.
On June 3, 2023, users of the non-custodial decentralized cryptocurrency wallet Atomic Wallet lost more than $100 million. Elliptic officially attributed the hack to Lazarus on June 6, 2023, after determining multiple factors that pointed to a North Korean hacker group being responsible, which was later confirmed by the FBI.
On July 22, 2023, Lazarus gained access to a hot wallet belonging to the crypto payments platform CoinsPaid through a social engineering attack. This access allowed the attacker to create authorization requests to withdraw approximately $37.3 million in crypto assets from the platform’s hot wallet. On July 26, CoinsPaid released a report claiming that Lazarus was responsible for the attack, which was confirmed by the FBI.
On the same day, July 22, Lazarus conducted another attack, this time targeting centralized crypto payments provider Alphapo, stealing $60 million in crypto assets. The attacker may have gained access via a previously leaked private key. The FBI later confirmed that Lazarus was the attacker in this incident.
On September 4, 2023, the online cryptocurrency gambling platform Stake.com was attacked and approximately $41 million worth of cryptocurrency was stolen, possibly due to the theft of private keys. The FBI issued an announcement on September 6, confirming that the Lazarus organization was behind the attack.
Finally, on September 12, 2023, the centralized cryptocurrency exchange CoinEx became the victim of a hacker attack and $54 million was stolen. As mentioned above, multiple pieces of evidence point to Lazarus being responsible for this attack.
Has Lazarus changed its "tactics"?
Analysis of Lazarus' latest activity shows that since last year it has shifted its focus from decentralized services to centralized services. Four of the five recent hacks discussed above targeted centralized cryptoasset service providers. Before 2020, prior to the rapid rise of the DeFi ecosystem, centralized exchanges were Lazarus' main target.
There are several possible explanations for why Lazarus is once again turning its attention to centralized services.
Greater attention to security: Elliptic's previous research on DeFi hacks in 2022 found that an attack occurred on average every four days, with an average of $32.6 million stolen per attack. Cross-chain bridges were among the most commonly hacked types of DeFi protocol in 2022. These trends may have prompted improvements in smart contract auditing and development standards, narrowing the scope for hackers to identify and exploit vulnerabilities.
Susceptibility to social engineering: In numerous hacks, the Lazarus Group's attack method of choice has been social engineering. For example, the $540 million Ronin Bridge hack began with fake job offers on LinkedIn. However, decentralized services tend not to have many employees and are, as the name implies, decentralized to varying degrees. Gaining malicious access to a developer's account therefore does not necessarily equate to gaining administrative access to a smart contract.
Centralized exchanges, by contrast, are likely to employ a relatively larger workforce, which expands the range of possible targets. They are also more likely to run centralized internal IT systems, giving Lazarus malware a greater chance of spreading through the business once a foothold is gained.