Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims. Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects. Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, …
As many countries, entities and even individuals face international sanctions, the crypto industry seeks to find its place among increasing regulations. Digital currencies have often been mentioned as an avenue for those subject to sanctions to divert them, such as in the recent case of Russia. In such instances, exchanges and other industry players need to understand where they stand compliance-wise. Research out of Harvard even suggested that central banks can use Bitcoin (BTC) to fight off sanctions. Speaking to Cointelegraph's managing editor Alex Cohen at the Israel Crypto Conference, Chainalysis head of sanctions Andrew Fierman said sanctions are nuanced …
Microsoft reports that a threat actor has been identified targeting cryptocurrency investment startups. A party Microsoft has dubbed DEV-0139 posed as a cryptocurrency investment company on Telegram and used an Excel file weaponized with “well-crafted” malware to infect systems that it then remotely accessed. The threat is part of a trend in attacks showing a high level of sophistication. In this case, the threat actor, falsely identifying itself with fake profiles of OKX employees, joined Telegram groups “used to facilitate communication between VIP clients and cryptocurrency exchange platforms,” Microsoft wrote in a Dec. 6 blog post. Microsoft explained: “We are …
The United States Treasury Department's Office of Foreign Assets Control, or OFAC, has amended the sanctions on cryptocurrency mixer Tornado Cash in addition to including two individuals involved in “transportation and procurement activities” for the Democratic People’s Republic of Korea in its list of Specially Designated Nationals. In a Nov. 8 announcement, the Department of the Treasury said it had “delisted and simultaneously redesignated” Tornado Cash in addition to taking into account activities conducted by North Korean nationals Ri Sok and Yan Zhiyong in its basis for sanctions. The government department reiterated its claims that the crypto mixer was involved …
Japan’s national police have pinned North Korean hacking group, Lazarus, as the organization behind several years of crypto-related cyber attacks. In the public advisory statement sent out on Oct. 14, Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) sent a warning to the country's crypto-asset businesses, asking them to stay vigilant of “phishing” attacks by the hacking group aimed at stealing crypto assets. The advisory statement is known as “public attribution,” and according to local reports, is the fifth time in history that the government has issued such a warning. The statement warns that the hacking group uses social …
The hackers behind the $625 million Ronin bridge attack in March have since transferred most of their funds from ETH into BTC using renBTC and Bitcoin privacy tools Blender and ChipMixer. The hacker’s activity has been tracked by on-chain investigator ‘₿liteZero’, who works for SlowMist and contributed to the company’s 2022 Mid-Year Blockchain Security report. They outlined the transaction pathway of the stolen funds since the Mar. 23 attack. The majority of the stolen funds were originally converted into ETH and sent to now sanctioned Ethereum crypto mixer Tornado Cash before being bridged over to the Bitcoin network and converted …
Cross-chain protocols and Web3 firms continue to be targeted by hacking groups as deBridge Finance unpacks a failed attack that bears the hallmarks of North Korea’s Lazarus Group hackers. deBridge Finance employees received what looked like another ordinary email from co-founder Alex Smirnov on a Friday afternoon. An attachment labeled ‘New Salary Adjustments’ was bound to pique interest, with various cryptocurrency firms instituting staff layoffs and pay cuts during the ongoing cryptocurrency winter. A handful of employees flagged the email and its attachment as suspicious, but one staff member took the bait and downloaded the PDF file. This would prove …
North Korea-backed cyberattacks on cryptocurrency and tech firms will only become more sophisticated over time as the country battles prolonged economic sanctions and resource shortages. Former CIA analyst Soo Kim told CNN on Sunday that the process of generating overseas crypto income for the regime has now become a “way of life” for the North Koreans: “In light of the challenges that the regime is facing — food shortages, fewer countries willing to engage with North Korea [...] this is just going to be something that they will continue to use because nobody is holding them back, essentially.” She also …
The Lazarus Group, a well-known North Korean hacking syndicate, has been identified as the primary suspect in the recent attack that saw $100 million stolen from the Harmony protocol. According to a new report published Thursday by blockchain analysis firm Elliptic, the manner in which Harmony’s Horizon bridge was hacked and the way in which the stolen digital assets were consequently laundered bears a striking resemblance to other Lazarus Group attacks. “There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen …
North Korea leads the world in crypto crime, with over 15 documented instances of cyber theft amounting to $1.59 billion in stolen funds. However, the recent crypto market turmoil has wiped out millions of dollars from the country’s stolen crypto portfolio. The crypto market rundown that started in May wiped out hundreds of billions of dollars from the crypto industry, where most of the crypto assets fell by over 70% from their top. As a result, the majority of crypto funds stolen by the Democratic People's Republic of Korea (DPRK) hackers have registered a significant plunge as well. A report from …
The United States Departments of Justice, State and the Treasury issued a joint advisory warning against the influx of North Korean workers in various freelance tech jobs, especially in the crypto industry. The public advisory was released on Friday, highlighting the critical red flags and identifiers for private firms to avoid hiring North Korean workers. The U.S. agencies warned that these workers pose a range of risks including theft of intellectual property, data and funds that could be used to violate sanctions. There has been a significant increase in the freelance job market due to the pandemic, and crypto being …
The United States Treasury Department Office of Foreign Assets Control (OFAC) announced Friday that it was sanctioning cryptocurrency mixer Blender.io for its role in laundering proceeds from the hacking of Axie Infinity's Ronin Bridge. North Korean state-sponsored hackers Lazarus Group have been identified as the perpetrators of the attack. Treasury Under Secretary for Terrorism and Financial Intelligence Brian E. Nelson said in a statement: “Today, for the first time ever, Treasury is sanctioning a virtual currency mixer. […] We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to …