North Korea’s Lazarus Group Suspected in $31 Million CoinEx Heist

Sep 17, 2023 | THN | Cryptocurrency / Cyber Attack

The North Korea-affiliated Lazarus Group has stolen almost $240 million in cryptocurrency since June 2023, marking a major escalation of its hacks.

According to multiple reports from Certik, Elliptic, and ZachXBT, the notorious hacking group is suspected to be behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023.

The crypto heist aimed at CoinEx adds to a string of recent attacks targeting Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million), and Stake.com ($41 million).

“Some of the funds stolen from CoinEx were sent to an address which was used by the Lazarus group to launder funds stolen from Stake.com, albeit on a different blockchain,” Elliptic said. “Following this, the funds were bridged to Ethereum, using a bridge previously used by Lazarus, and then sent back to an address known to be controlled by the CoinEx hacker.”

The blockchain analytics firm said the latest attacks are a sign that the adversarial collective is shifting its focus from decentralized services to centralized ones, the latter of which were its targets prior to 2020.

The pivot is likely motivated by improvements in smart contract auditing and development standards in the DeFi space, and by the increased access that centralized exchanges offer via social engineering attacks.

The development comes as the leader of the sanctions-hit nation, Kim Jong Un, visited Russia for what’s believed to be an arms deal, even as it fired two short-range ballistic missiles toward its eastern seas earlier in the week.

North Korea has leveraged cryptocurrency thefts as a way to get around sanctions and fund its weapons programs. Another revenue generation channel is its use of freelance IT workers abroad who use fraudulent identity documents that obscure their true nationality.

“In recent years, there has been a marked rise in the size and scale of cyber attacks against cryptocurrency-related businesses by North Korea,” TRM Labs said in June 2023. “This has coincided with an obvious acceleration within the nation’s nuclear and ballistic missile programs.”

The Lazarus Group and its sub-clusters, as well as other hacking outfits linked to the nation, have been on a rampage in recent months, orchestrating a wide range of malicious operations, including software supply chain attacks targeting companies such as 3CX and JumpCloud, as well as open-source repositories for JavaScript and Python.

In a post-mortem of the hack, CoinsPaid disclosed that phony recruiters from crypto companies contacted its employees via LinkedIn and various messengers with lucrative salaries in an attempt to trick them into “installing the JumpCloud Agent or a special program to complete a technical task,” a campaign referred to as Operation Dream Job.

Author: data@thehackernews.com (The Hacker News)
Date: 2023-09-17 02:32:00

Alina A, Toronto (http://alinaa-cybersecurity.com)
Alina A is a UofT graduate and Google Certified Cyber Security analyst, currently based in Toronto, Canada. She is passionate about research and writing about cyber-security related issues, trends and concerns in an emerging digital world.
