6 February 2020

North Korean hackers used advanced tactics to steal funds from cryptocurrency exchange


Lazarus Group, a notorious hacking collective linked to the North Korean government and believed to be behind a slew of brazen hacks, including the 2014 hack of Sony Pictures, the 2017 WannaCry ransomware attacks, and a number of cryptocurrency exchange attacks, has advanced its hacking tactics and money laundering strategies, according to blockchain analysis company Chainalysis.

Typically, Lazarus Group relies on social engineering to attack exchanges, tricking employees into downloading malware that gives the hackers access to users’ funds. In one of the exchange hacks last year, however, the group took a more advanced approach, executing one of the most elaborate phishing schemes seen to date.

In March 2019, the hackers stole approximately $7 million in various cryptocurrencies (including Bitcoin, Ripple, and Litecoin) from the Singapore-based DragonEx exchange. While the DragonEx hack was relatively small in terms of financial gain, it was notable for the lengths the hackers went to in order to obtain the funds.

The attack involved a sophisticated phishing scheme in which the hackers established a fake company with a realistic website and social media presence. The company claimed to be selling an automated cryptocurrency trading bot called Worldbit-bot, which was then offered to DragonEx employees for a free trial. Though the software allegedly resembled an actual trading bot, it contained malware that could hijack the computer it infected. Eventually, the malicious software landed on the DragonEx computer holding the private keys for the exchange’s wallets, allowing the hackers to steal the funds.

“Whereas most phishing attempts rely on little more than an email or small-scale website, Lazarus Group’s fabricated Worldbit-bot company is on another level of sophistication. It reveals the time and resources Lazarus has at its disposal, as well as the deep knowledge of the cryptocurrency ecosystem necessary to successfully impersonate legitimate participants,” Chainalysis noted in the report.
