North Korean Lazarus group suspected of involvement in $31 million CoinEx heist
The North Korea-affiliated Lazarus Group has stolen nearly $240 million worth of cryptocurrency since June 2023, marking a significant escalation in its hacks.
According to several reports from Certified, EllipticalAnd ZachXBTthe infamous hacker group is believed to be behind the theft of $31 million in digital assets from the CoinEx Exchange on September 12, 2023.
The cryptocurrency heist targeting CoinEx adds to a series of recent attacks targeting Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million) and Stake.com ( 41 million dollars).
“Some of the funds stolen from CoinEx were sent to an address that was used by the Lazarus Group to launder funds stolen from Stake.com, albeit on a different blockchain,” Elliptic said. “Then the funds were transferred to Ethereum, using a bridge previously used by Lazarus, and then sent back to an address known to be controlled by the CoinEx hacker.”
The blockchain analytics firm said the latest attacks indicate that the adversary collective is moving from decentralized to centralized services, with the latter being its targets ahead of 2020.
This pivot is likely driven by improving standards for smart contract auditing and development in the DeFi space and the increased access offered by centralized exchanges via social engineering attacks.
The development comes as the leader of the sanctions-hit country, Kim Jong Un, visited Russia for what is believed to be an arms deal, even if it fired two short-range ballistic missiles to its eastern seas earlier in the week.
North Korea exploited cryptocurrency thefts as a way to circumvent sanctions and finance its weapons programs. Another way to generate revenue is through freelance IT professionals abroad who use fraudulent identity documents that mask their true nationality.
“In recent years, there has been a marked increase in the size and scale of cyberattacks against cryptocurrency-related businesses by North Korea,” TRM Labs said. said in June 2023. “This coincided with an apparent acceleration in the country’s growth. nuclear and ballistic missile programs“.
Identity is the New Endpoint: Mastering SaaS Security in the Modern Age
Dive into the future of SaaS security with Maor Bin, CEO of Adaptive Shield. Find out why identity is the new endpoint. Reserve your place now.
The Lazarus Group and its sub-clusters as well as other hacking groups linked to the country have been on a rampage in recent months, orchestrating various malicious operations, including software supply chain attacks targeting companies such as 3CX and JumpCloud as well than open companies. -source repositories for JavaScript and Python.
In an autopsy of the hack, CoinsPaid disclosed that fake crypto company recruiters contacted its employees via LinkedIn and various messengers with lucrative salaries and tricked them into “installing the JumpCloud agent or a special program to complete a technical task”, a campaign known as the name Operation Dream Job.
