Skip to content
NftTokenMiningCybersecurityCryptoBlockchainCrypto exchangeSmart contractTechnology

BitMEX Repels Lazarus's Phishing Attempt; Characterizes Strategy as 'Simplistic'

Cybersecurity firm BitMEX claims to have thwarted a phishing attempt by Lazarus Group, alleging poor deception techniques and repeated strategies in the purported NFT collaboration scam.

 and  Administrator
3 min read
BitMEX claims to have thwarted a Lazarus Group phishing scheme disguised as an NFT collaboration,...
BitMEX claims to have thwarted a Lazarus Group phishing scheme disguised as an NFT collaboration, attributing its success to the group's subpar tactics and repetitive methods.

BitMEX Repels Lazarus's Phishing Attempt; Characterizes Strategy as 'Simplistic'

Unveiling the Lazarus Group's Persistent Cryptocurrency Heist Escapades

Welcome to SCENEBitMEX has successfully fended off an attempted phishing attack by the cunning Lazarus Group, noted for its North Korea origins. In a revealing blog post from May 30, the digital currency exchange shed light on how an employee was lured via LinkedIn, posing as a Web3 NFT partnership.

The attack aimed to bait the target into running a GitHub project teeming with harmful code on their system, a tactic BitMEX claims has become a recurring theme in Lazarus' repertoire.

"This is old hat if you're hip to Lazarus' tactics," BitMEX penned, complimenting their swift security team for quickly identifying the cloaked JavaScript payload and pinpointing it to infrastructure previously linked to the group.

A seemingly careless oversight in operational security also pointed to an IP address tied to North Korean activities located in Jiaxing, China, roughly a hundred kilometers from Shanghai.

"This outfit's M.O. usually starts with phishing to nab their way into their target's systems," BitMEX wrote.

Exploring other assaults, it became apparent that North Korea's hacking endeavors were likely sectioned into several subgroups, each boasting varying levels of technical expertise.

"This shows through in the many documented instances of sloppy practices from these front-line groups when compared to the refined hacking methods exhibited by some of these attacks," it said.

The Lazarus Group—a name coined by cybersecurity firms and Western intelligence agencies—umbrellas several hacker teams operating under the watch of the North Korean regime.

In 2024, Chainalysis attributed $1.34 billion in stolen crypto to North Korean operatives, commanding 61% of all thefts that year across 47 incidents, a new record high and a 102% surge over 2023's stolen bounty of $660 million.

Lazarus Group: Still a Looming Threat

Yet, as Nominis founder and CEO Snir Levi cautions, increased understanding of the Lazarus Group's techniques doesn't necessarily reduce their threat level.

"The Lazarus Group devises multiple ways to purloin cryptocurrencies," Levi shared with Decrypt. "Based on the complaints we gather from individuals, we can infer that they're attempting to swindle people on a daily basis."

Some of their hauls have been jaw-dropping.

In February, hackers drained over $1.4 billion from Bybit, made feasible by the group tricking an employee at Safe Wallet into running malicious code on their machine.

"Even the Bybit heist started with social engineering," Levi noted.

More campaigns include Radiant Capital, where a contractor fell victim to a malicious PDF file embedding a backdoor.

The attack vectors range from basic phishing and mock job offers to intricate post-access strategies like tampering with smart contracts and manipulating cloud infrastructure.

The BitMEX disclosure adds to a burgeoning collection of evidence chronicling Lazarus Group's multi-layered approaches. It follows another report in May from Kraken detailing an attempt by a North Korean job seeker.

U.S. and international officials have stated that North Korea uses cryptocurrency thievery to finance its weapons programs, with some estimates suggesting up to half of the regime's missile development budget may stem from these illicit activities.

Edited by Sebastian Sinclair

Daily Debrief Newsletter

Stay attuned to the latest happenings in the cryptocurrency world

  1. The incident at BitMEX serves as a reminder of the Lazarus Group's proclivity for targeting crypto exchanges, revealing their persistent crypto heist escapades.
  2. The Lazarus Group, notorious for its North Korean origins, has been linked to the theft of over $1.34 billion in cryptocurrencies in 2024, accounting for 61% of all thefts that year.
  3. The group's methods often involve phishing, social engineering, and intricate post-access strategies such as tampering with smart contracts and manipulating cloud infrastructure.
  4. As the founder and CEO of Nominis, Snir Levi, warns, understanding the Lazarus Group's techniques does not necessarily diminish their threat level, as they have been documented attempting to swindle people on a daily basis.
  5. The BitMEX disclosure adds to a growing body of evidence chronicling the Lazarus Group's multi-layered approaches, including their use of GitHub projects laden with harmful code and phishing attacks on platforms like LinkedIn.
  6. Despite increased scrutiny and evidence, the Lazarus Group continues to operate under the umbrella of several hacker teams, each showcasing varying levels of technical expertise.
  7. Experts in the field of cybersecurity, like Chainalysis, attribute a significant portion of stolen crypto to North Korean operatives, highlighting the ongoing threat that this group poses to the world of cryptocurrency and web3 technologies.

Read also:

    Related

    Latest