North Korean Hackers’ $3 Billion Crypto Heist Exposed
A new crypto heist by North Korea’s Lazarus Group exploited a Chrome vulnerability, leading to $3 billion in losses.
North Korean Hackers Conduct $3 Billion Crypto Heist Using Fake NFT Game
In a calculated and unprecedented cyber attack, a group of hackers associated with North Korea, known as the Lazarus Group, has reportedly stolen $3 billion in cryptocurrency from users worldwide. The method behind this high-stakes operation, which spanned six years, involved exploiting a security vulnerability in Google Chrome. According to Kaspersky Lab, a renowned cybersecurity firm, the Lazarus Group developed a fake blockchain-based game that was used to target unsuspecting cryptocurrency enthusiasts and NFT collectors, leaving a wake of drained digital wallets and compromised accounts.
The heist is yet another in a long line of attacks attributed to Lazarus Group, which is known for sophisticated cyber operations. Over the years, they have honed their skills, exploiting vulnerabilities in major systems and platforms. This recent incident further underscores the urgent need for fortified security in the cryptocurrency and broader tech industries. As Kaspersky analysts Vasily Berdnikov and Boris Larin report, the fake game, named either DeTankZone or DeTankWar, involved transactions centered on Non-Fungible Tokens (NFTs), enticing users with promises of digital ownership and rare collectibles. Through this front, Lazarus hackers redirected users to a compromised site where malware, known as “Manuscript,” was covertly installed.
With Manuscript, Lazarus Group reportedly had full access to Chrome’s memory and therefore to users’ sensitive information, including their passwords, tokens, and private keys to cryptocurrency wallets. This breach enabled the hackers to drain the victims’ wallets effectively, leaving them with little chance of recovering their lost assets. This elaborate scheme is only the latest example of how cybercriminals exploit evolving digital trends, like NFTs and blockchain technology, to carry out attacks.
Lazarus’ Sophisticated Tactics Unraveled
Kaspersky Labs first discovered this malicious activity in May and reported the issue to Google’s security team, urging a prompt response. However, the complexity of this zero-day vulnerability—a security flaw previously unknown to the software developer—meant that it took Google nearly two weeks, or precisely 12 days, to implement a fix. While this response time is commendable considering the difficulty of addressing zero-day threats, the lag time may have allowed Lazarus Group ample opportunity to launch widespread attacks.
Boris Larin, a principal analyst at Kaspersky, commented on the group’s ambitions, saying, “The notable effort invested by the hacker group in the said hacking campaign indicates that the group has an ambitious plan.” Indeed, the scale of the attack suggests a well-coordinated campaign designed to exploit this specific flaw in Chrome, demonstrating the Lazarus Group’s adeptness in cyber warfare.
Kaspersky’s revelations also shed light on the broader network behind these attacks. Evidence uncovered during the investigation pointed to a group of developers working for Lazarus Group who earn as much as $500,000 monthly, a figure highlighting the substantial resources that fuel North Korea’s state-sponsored cyber programs. This network allegedly serves not only in crypto-focused attacks but also in supporting various malicious activities in the cybersecurity domain. With North Korea under heavy economic sanctions, it is believed that funds acquired through these operations help support the regime.
Lazarus Group’s Blockchain Exploits in the Wider Crypto Landscape
Beyond the Chrome exploit and fake game, the Lazarus Group has conducted 25 separate attacks, laundering $200 million in cryptocurrency. These funds have been traced through various platforms and accounts, illustrating a complex laundering process designed to obscure the origins of the assets. According to blockchain detectives, this laundering network is structured with meticulous care, allowing the group to blend stolen funds with legitimate transactions before they are ultimately withdrawn.
As blockchain-based platforms grow in popularity, many users—often unaware of lurking threats—continue to invest in NFTs and other blockchain assets. These platforms and users are now becoming prime targets for sophisticated cyber criminals. The Lazarus Group’s recent operations expose the vulnerabilities inherent in a digital ecosystem where users conduct significant financial transactions without the protections that traditional banking institutions might offer. In this case, the sheer financial scale and global reach of the attack underscore the pressing need for heightened security and awareness.
While Google has since patched the vulnerability in Chrome, it is possible that other undiscovered flaws may remain. According to Larin, Chrome’s memory vulnerabilities make it an attractive target for groups like Lazarus, who often probe for such weaknesses in widely used software. Tech companies, he emphasized, should be proactive in addressing potential flaws before they can be exploited by malicious actors.
In response to these incidents, Kaspersky and other cybersecurity firms are urging cryptocurrency users to adopt best practices in digital security. Recommendations include using multi-factor authentication, keeping software up-to-date, and being cautious about third-party platforms and software, particularly in the volatile world of blockchain.
Reference Link To Original Source Article
https://bitcoinist.com/lazarus-group-unleashes-blockchain-game-to-exploit-chrome-and-steal-crypto/