
The infamous North Korean hacker collective Lazarus Group conducted a cyberattack against Debridge

Debridge Finance co-founder Alex Smirnov alleges that the infamous North Korean hacker collective Lazarus Group conducted a cyberattack against Debridge. Smirnov has warned Web3 teams that the campaign is likely broad. In 2022, cross-chain bridges and other decentralized finance (defi) protocols have been the victims of several attacks. The Lazarus Group of North Korea is considered responsible for several defi exploits, although most of the attackers remain unidentified.

In mid-April 2022, the Federal Bureau of Investigation, the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Agency identified the Lazarus Group as a threat to the cryptocurrency market and its participants. One week after the FBI’s warning, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) placed three Ethereum addresses on the list of Specially Designated Nationals and Blocked Persons.

According to OFAC, the Ethereum addresses are maintained by the Lazarus Group, a cybercrime organization. OFAC also connected the North Korean hacking collective to the flagged Ethereum wallets through the Ronin bridge attack (the $620M Axie Infinity hack). On Friday, Debridge Finance co-founder Alex Smirnov warned the Web3 and cryptocurrency communities that Lazarus Group was allegedly attempting to attack the project.

“The Lazarus organization appears to have tried a cyberattack against [Debridge Finance]. This campaign is probably broad, therefore a PSA for all Web3 teams,” Smirnov emphasized in his tweet. “Several members of our team received a PDF file titled ‘New Salary Adjustments’ from an email address that was a fake of mine, which was the attack’s primary method. Our team is informed about potential attack vectors, and we constantly seek to improve our rigorous internal security policies.”

macOS users won’t be impacted by the attack, according to Smirnov, while Windows users must input their system password to open the password-protected PDF. “The attack vector is as follows,” Smirnov stated: “the user clicks a link in an email, downloads and opens an archive, tries to open a PDF file but is prompted for a password, clicks password.txt.lnk, and infects the whole computer.”
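The chain Smirnov describes can be caught before the archive is opened. The following is an added example, not code from Debridge or from the original article: a Python check for a mail gateway or triage script that flags a ZIP archive bundling a password-protected PDF with a Windows shortcut whose name imitates a document. The decoy-extension list, the size limit and the sample archive (including the `.pdf` file name) are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Assumed list of extensions a recipient reads as "just a document".
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}
MAX_BYTES = 20 * 1024 * 1024  # assumed per-member limit, guards against zip bombs


def scan_archive(data: bytes) -> list[str]:
    """Return findings for a ZIP attachment or download given as raw bytes."""
    findings, has_lnk, has_locked_pdf = [], False, False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Skip directories, encrypted members and oversized members.
            if info.is_dir() or info.flag_bits & 0x1 or info.file_size > MAX_BYTES:
                continue
            name, body = info.filename, zf.read(info)
            stem, ext = os.path.splitext(name.lower())
            if ext == ".lnk" or body.startswith(LNK_MAGIC):
                has_lnk = True
                if ext == ".lnk" and os.path.splitext(stem)[1] in DECOY_EXTS:
                    # Explorer never shows ".lnk", so this displays as the stem.
                    findings.append(f"disguised shortcut: {name}")
                else:
                    findings.append(f"shortcut in archive: {name}")
            elif body.startswith(b"%PDF-") and b"/Encrypt" in body:
                has_locked_pdf = True
                findings.append(f"password-protected PDF: {name}")
    if has_lnk and has_locked_pdf:
        findings.append("lure pattern: locked PDF bundled with a shortcut")
    return findings


def build_sample() -> bytes:
    """Constructed, inert archive mirroring the file names in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Adjustments.pdf",
                    b"%PDF-1.7\ntrailer << /Encrypt 5 0 R >>\n%%EOF")
        zf.writestr("password.txt.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for line in scan_archive(build_sample()):
        print(line)
```

Blocking or quarantining `.lnk` files inside inbound archives outright is the simpler policy; the combined finding is useful for prioritising alerts where shortcuts cannot be blocked.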

The defi projects and the bitcoin market have been targeted by hackers like Lazarus Group and others, who have made a killing. Members of the bitcoin industry are believed to be targets because many businesses deal with money, a range of assets, and investments.
