Financial Information Platform

US Warns of Possible North Korean Hacker Attacks on Blockchain Industry

US security agencies warn of possible cyberattacks by North Korean hackers belonging to the Lazarus Group on the blockchain industry. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury, released a statement reporting these threats.

Cryptocurrency exchanges, decentralized finance (DeFi) protocols, NFT-based blockchain games, and play-to-earn platforms are reportedly among the group’s next targets. The Treasury Department holds this group responsible for the theft of more than $600 million from the Ronin blockchain used by Axie Infinity.

North Korean hackers and blockchain

Intelligence services from the FBI, CISA, and Treasury point to a growing wave of threats to blockchain platforms and protocols from North Korea. The agencies specify that the group of hackers, financed by the country’s government, has its sights set on various companies and platforms in the crypto industry.

Exchanges, DeFi and NFTs in danger of being hacked

Individual holders of cryptocurrencies and NFTs also appear to be at risk, especially those who keep large sums in crypto assets or hold high-value NFTs.

According to the agencies, the Lazarus Group may have been sponsored by the North Korean government to obtain funds illegally since as early as 2020.

Phishing attacks and social engineering

US agencies have identified phishing and social engineering as the likely modus operandi of the Lazarus Group. In other words, the group uses various manipulation techniques to deceive victims and gain access to their confidential information. One of the most common tactics is the publication of well-paid job offers aimed at administrators or software specialists at cryptocurrency companies. Another is the mass distribution of wallet applications or crypto trading tools that contain hidden malicious code, used to steal victims’ credentials.

Malware attacks and ransomware also figure in illicit activity attributed to the Lazarus Group. Through malware, the criminals can steal their victims’ private keys or exploit existing security vulnerabilities.

Lazarus Group responsible for the Ronin Network hack

Lazarus Group uses AppleJeus malware to steal cryptocurrencies, according to a report published by the agencies on this malicious software. The warnings from the FBI, CISA and Treasury come just days after the Ronin Network theft was linked to this group of hackers. The Treasury Department added the Ronin network attacker’s ETH address to its list of sanctioned addresses, indicating that the address belongs to the Lazarus Group.

The North Korean hacker group, also known as APT38, BlueNoroff and Stardust Chollima, has also stolen money from banks using custom malware, the agencies say.

$650K stolen in MetaMask

Just this week, an Apple and MetaMask user reported $650,000 stolen from his wallet in a phishing attack. The security researcher “Serpent” explained on Twitter that the attacker tricked the victim into believing he was talking to Apple’s support service and that his account was at risk. During a phone call, the user gave the cybercriminal his Apple account verification code.

ConsenSys, the developer of MetaMask, has said that Apple’s iCloud backups store the wallet’s seed phrase. So once the attacker had access to the victim’s Apple account, he was able to restore the MetaMask wallet and steal the funds.

Although this attack has not been linked to the Lazarus Group, it shows what phishing can achieve. The US authorities recommend that cryptocurrency users remain alert to possible attacks. Likewise, they recommend that companies reinforce their security measures and patch any vulnerabilities to avoid losses in future hacks.

Over $1.2 Billion Stolen From Crypto This Year

So far this year, the crypto industry has lost about $1.2 billion. Beanstalk, the most recent victim, suffered a $182 million theft after a hacker managed to exploit a vulnerability in its code. The attacker did so using a flash loan; these loans have become one of the favorite tools of hackers for attacking DeFi protocols.
