BitMEX Blocks Hacking Attempt by North Korea's Lazarus Group…"Major Security Flaw Discovered"
Summary
- BitMEX reported that it blocked and traced back a social engineering attack by the North Korea-affiliated hacking organization Lazarus Group.
- The security team revealed that, through this attack, it identified a major flaw in the attackers' operational security and detected some of the attackers' IP addresses.
- The case once again highlights weaknesses in customer identification (KYC) programs and the need to improve security systems across the virtual asset industry.
According to The Block, a leading virtual asset (cryptocurrency) media outlet, on the 30th (local time) the virtual asset derivatives exchange BitMEX successfully blocked a social engineering attack by the North Korean state-affiliated hacking organization 'Lazarus Group.' BitMEX reported that it traced the attack back and identified IP addresses used by the Lazarus Group as well as a significant flaw in the group's operational security.
BitMEX revealed on its official blog, "Recently, one of our employees received a collaboration proposal for a web3 project for a 'non-fungible token (NFT) marketplace' via LinkedIn," adding, "The project was found to be intended to induce the employee to execute malicious code, aiming to infiltrate the victim's computer."
According to the BitMEX security team, the employee discovered suspicious code while reviewing the project's code repository and immediately reported it to the internal security team. During the ensuing internal investigation, the team was able to track some of Lazarus's activity and identify lapses in the group's operational security; some of the attackers' IP addresses were also detected in the process.
BitMEX explained, "This attacker appears to have attempted to reuse the 'BeaverTail' malware that Palo Alto Unit 42 previously linked to the Lazarus Group."
Using its own tooling, BitMEX regularly monitored and logged the database used by the malware and found that at least 10 test or development accounts had been used in the process.
BitMEX also noted that the case suggests the Lazarus Group is divided into several subgroups that operate simultaneously but do not all share the same technical capabilities.
BitMEX analyzed, "This case shows that Lazarus's initial phishing strategy is relatively simple, whereas their hacking techniques after infiltration are quite sophisticated."
Meanwhile, the incident was made public shortly after Coinbase reported a customer data leak with potential losses exceeding $400 million. As a result, weaknesses in customer identification (KYC) programs and the need to improve overall security frameworks in the virtual asset industry are once again receiving renewed attention.


JH Kim
reporter1@bloomingbit.io
Hi, I'm a Bloomingbit reporter, bringing you the latest cryptocurrency news.