Latest news with #LazarusGroup

Fast Company
2 days ago
- Business
- Fast Company
These crypto detectives helped crack North Korea's latest $1.5 billion blockchain heist
Crypto criminals can't hide

The single largest cryptocurrency heist in history took place one day in late February, when hackers exploited system vulnerabilities in Bybit, a Dubai-based crypto exchange, siphoning off a whopping $1.5 billion in digital assets within minutes. Bybit's security team immediately launched an investigation that would eventually involve the FBI and several blockchain intelligence companies. Among those involved from the beginning were the experts at TRM Labs, a San Francisco-based company of around 300 that analyzes the blockchain networks which power cryptocurrency transactions to investigate—and prevent—fraud and financial crimes. 'Literally from the first minutes, we were involved,' says Ari Redbord, the company's global head of policy, 'working with Bybit and law enforcement partners like the FBI to track and trace funds.' The attack was soon attributed to a North Korean state-sponsored hacker organization commonly known as Lazarus Group. Lazarus has been blamed for a series of high-profile cybercrimes in recent years, including the 2014 hack on Sony Pictures Entertainment, the 2016 digital heist from the Bangladeshi central bank and, more recently, billions of dollars in digital currency thefts. TRM was among the first to attribute the Bybit attack after detecting an overlap between the blockchain resources used here and those used in Lazarus's previous thefts. Since then, the company has harnessed its expertise in tracking crypto to keep law enforcement abreast of where the stolen funds are headed, following them from blockchain to blockchain and through clever concealment mechanisms. 'We were very much built for an investigation like this,' Redbord says.
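The two techniques the article describes, following stolen funds hop by hop from the exploit address and checking whether any address on that path was already seen in an earlier incident, come down to a walk over a transfer graph. The following is an added illustration, not code from the article or from TRM Labs; every address, label and transfer in it is constructed sample data, and the labels for the "prior incident" addresses are hypothetical. It deliberately ignores zero-value and dust transfers, since those are a known way to plant noise (address poisoning) into a trace, and it only follows outgoing edges, so an unrelated party paying into a tainted address is not itself marked as tainted.

```python
"""Minimal forward fund trace plus overlap check against addresses from earlier
incidents. Added example with constructed data; not the article's or TRM's code."""
from collections import defaultdict, deque

# Constructed: addresses attributed to earlier incidents (hypothetical labels).
PRIOR_INCIDENT_ADDRESSES = {
    "0xaaa1": "incident-A laundering hop",
    "0xbbb2": "incident-B consolidation wallet",
}

# Constructed transfers from the new incident: (sender, receiver, asset, amount).
SAMPLE_TRANSFERS = [
    ("0xexchange", "0xexploit", "ETH", 10000.0),   # drained from the exchange
    ("0xexploit", "0xsplit1", "ETH", 5000.0),      # funds split into two legs
    ("0xexploit", "0xsplit2", "ETH", 5000.0),
    ("0xsplit1", "0xaaa1", "ETH", 5000.0),         # reuse of incident-A infrastructure
    ("0xsplit2", "0xbridge", "ETH", 5000.0),       # deposit into a cross-chain bridge
    ("0xsplit2", "0xclean", "ETH", 0.0),           # zero-value noise, must be ignored
    ("0xvictim2", "0xclean", "ETH", 1.0),          # unrelated transfer, not on the path
]


def build_outgoing(transfers, min_amount=0.01):
    """Index transfers by sender, dropping zero-value and dust transfers so that
    address-poisoning noise does not create edges in the trace."""
    out = defaultdict(list)
    for sender, receiver, asset, amount in transfers:
        if amount < min_amount:
            continue
        out[sender].append((receiver, asset, amount))
    return out


def trace_forward(transfers, origin, max_hops=3, min_amount=0.01):
    """Breadth-first walk along outgoing transfers starting at `origin`.

    Returns {address: hops_from_origin} for every address the funds reach within
    `max_hops`. Only outgoing edges are followed: a third party that pays into a
    tainted address does not become tainted. A visited set guards against cycles
    (funds bounced back and forth between attacker wallets)."""
    out = build_outgoing(transfers, min_amount)
    reached = {origin: 0}
    queue = deque([origin])
    while queue:
        addr = queue.popleft()
        hops = reached[addr]
        if hops >= max_hops:
            continue
        for receiver, _asset, _amount in out.get(addr, ()):
            if receiver not in reached:
                reached[receiver] = hops + 1
                queue.append(receiver)
    return reached


def overlap_with_prior(reached, prior):
    """Addresses on the traced path that also appear in earlier incidents.

    Returns {address: (prior_label, hops_from_origin)}. Infrastructure reuse of
    this kind is one input to attribution; it is a lead to corroborate, not proof."""
    return {addr: (prior[addr], reached[addr]) for addr in reached if addr in prior}


if __name__ == "__main__":
    reached = trace_forward(SAMPLE_TRANSFERS, "0xexploit")
    for addr, hops in sorted(reached.items(), key=lambda kv: kv[1]):
        print(f"hop {hops}: {addr}")
    print("overlap with prior incidents:", overlap_with_prior(reached, PRIOR_INCIDENT_ADDRESSES))
```

On real chain data the transfer list would come from a node or indexer and would span several chains, with bridge deposits mapped to their withdrawals on the destination chain; the walk itself does not change. The hop limit matters in practice: past a few hops the funds typically land in mixers or exchange deposit addresses shared with thousands of legitimate users, and continuing to taint everything downstream produces false positives.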


Business Mayor
21-05-2025
- Business
- Business Mayor
The 6 Largest Crypto Exchange Hacks (That Lived to Trade Again)
If you still think crypto exchanges are impenetrable fortresses where your coins sleep safely in cold vaults under layers of ISO certifications and partner-signed audits — time to wake up. **Proof of Reserves?** Anyone can fake a spreadsheet — especially when the 'audit' is done by a partner company that gets paid by the exchange itself. **Licenses and certificates?** They don't stop a spilled-coffee sysadmin or an unpatched hot wallet. Or Lazarus, who's probably already inside the building. Even the biggest CEXes, pushing billions in daily volume, have been taken down — not by theoretical bugs, but by real exploits. This is a breakdown of 6 major crypto exchanges that didn't just get hacked — they got drained. Hundreds of millions gone. And yet… they survived. Some even got stronger. Because in crypto, like in horror movies: if it didn't kill you, it made you meaner.

**Bitfinex (2016): $65M then, $4.5B now**
- What happened: Hackers exploited a flaw in the BitGo multi-sig wallet integration and stole 120,000 BTC.
- How they survived: 6 years later, the FBI recovered 94,000 BTC. Why? The hackers saved their seed phrases in the cloud. Yes. Really.
- Lesson: Even top exchanges can mess up architecture. And hackers? Sometimes they're not elite cyber-ninjas — just clumsy amateurs with Google Drive.

**Binance (2022): $570M and a bridge to nowhere**
- The heist: An attacker forged proofs and minted 2 million BNB via a bug in Binance Bridge.
- What they saved: $100M frozen fast. The rest vanished across chains.
- The fix: Binance paused the entire BSC network. Drastic, but effective.
- Moral: Even the biggest players can't save a bad bridge. Especially when you are the bridge.

**Bybit (2025): $1.5B — a record no one brags about**
- The breach: Cold wallets compromised. Vault-grade security, front-desk level key storage.
- Who did it: Likely Lazarus Group. Again.
- Recovered: ~$43M via bug bounties, FBI, and German law enforcement.
- Takeaway: 'Cold' doesn't mean invincible. Especially if the keys aren't that cold to begin with.

- Exploit: Hackers bypassed two-factor authentication.
- Initial response: 'Nothing was stolen.' Days later: 'Okay, $33.7M was stolen.'
- Fix: Complete rebuild of 2FA.
- Lesson: If you're a centralized service — you are a target. Period.

**KuCoin (2020): $280M and a lesson in recovery**
- What happened: Classic hot wallet compromise.
- Recovery: $204M recovered via token freezes, community help, and enforcement.
- Impressive: One of the few exchanges to get most of it back.
- MVP: Speed and strong alliances.

**BingX (2024): $52M and a classic script**
- The exploit: Hot wallets compromised across chains. One key for all.
- Culprit: Probably Lazarus again.
- Response: Promised full reimbursement. Still pending.
- Note: It's always the hot wallets. Always.

**(2023): Panic without a hack**
- Fact: No hack occurred.
- But: Twitter rumors sparked a bank run. GT token dipped.
- Their move: Released proof-of-reserves showing $10B+ in assets.
- Conclusion: Not all attacks are technical — some are just viral FUD.

**MEXC & WhiteBIT: The hunters, not the hunted**
According to CoinGlass rankings:
- MEXC: No major breaches. Actively freezes stolen funds.
- WhiteBIT: Helped recover $16M from a hack.
You don't have to be a victim to be a hero. Or at least a sidekick.

**What all these cases teach us:**
- Hot wallets = hot mess. Once funds are online, it's not 'if' — it's 'when'.
- Too-centralized keys = disaster. One private key to rule them all? Not DevOps — just dumb.
- Social engineering, Lazarus, and human error. Hackers don't just crack code — they crack people.
- Slow reaction = bigger losses. The longer you sleep, the less you get back.
- Everyone helps everyone (if you're not a scam). Exchanges, governments, analytics firms — they cooperate. Because one hack can shake trust in the entire ecosystem.

**So what makes an exchange actually 'secure'?**
I used to think the safest exchange is the one that never got hacked. Now I know: it's the one that got hit, but bounced back. The one that recovered funds. Or helped others do it. Those quiet, 'never-hacked' platforms? Maybe they've just never noticed. Cold storage is great — but not always practical. Diversify across 5–10 CEXes, not based on certifications, but on how they handled real fires. Look for real customers, real recovery stories, and transparency that isn't just cosmetic. The next attack is just a matter of when. So ask yourself: Will your exchange be ready?


Arabian Post
08-05-2025
- Business
- Arabian Post
G7 to Confront North Korea's Crypto-Funded Cybercrime Surge
Leaders of the Group of Seven nations are set to address the escalating threat of North Korea's cryptocurrency-fueled cybercrime at their upcoming summit in Alberta, Canada. The agenda reflects growing international concern over Pyongyang's use of digital asset theft to circumvent sanctions and finance its weapons programmes. North Korea has emerged as a dominant force in global cybercrime, with its state-sponsored hacking groups, notably the Lazarus Group and the TraderTraitor cluster, orchestrating sophisticated attacks on cryptocurrency platforms. In 2024 alone, these groups were responsible for stealing over $1.3 billion in digital assets, accounting for approximately 61% of the total crypto thefts that year. Such activities have significantly bolstered North Korea's foreign currency reserves, with cyberattacks reportedly generating up to 50% of the country's foreign exchange earnings. One of the most significant incidents attributed to North Korean hackers was the $1.5 billion theft from the Dubai-based cryptocurrency exchange Bybit in early 2025. The attackers tampered with the wallet interface Bybit's signers used to approve a routine cold-wallet transfer, so that the multisig signed a transaction that differed from the one displayed to them; the stolen funds were then laundered through a complex network of blockchain transactions. This breach not only marked the largest crypto heist to date but also underscored the regime's advanced cyber capabilities. Beyond large-scale exchange hacks, North Korean cybercriminals have diversified their tactics to include social engineering schemes. The 'pig butchering' scam, for instance, involves operatives establishing fake online relationships to manipulate victims into investing in fraudulent cryptocurrency ventures. Such schemes have defrauded individuals, particularly retirees, of billions of dollars, further fueling Pyongyang's illicit revenue streams. The international community has responded with a series of sanctions and regulatory measures aimed at curbing North Korea's cyber activities. In May 2025, the U.S.
Treasury's Financial Crimes Enforcement Network proposed banning Cambodia-based financial firm Huione Group from accessing the U.S. financial system. Huione is accused of laundering at least $4 billion in illicit funds, including $73 million in cryptocurrency linked to North Korean cyber heists. Similarly, South Korea imposed sanctions on 15 North Korean individuals involved in cyber theft and crypto heists, targeting their overseas operations that funnel funds back to Pyongyang's weapons development programmes. Despite these efforts, North Korea continues to refine its cyber strategies. The regime has reportedly infiltrated foreign companies by deploying operatives posing as freelance IT workers, thereby gaining access to sensitive systems and facilitating further cyberattacks. Such tactics not only enhance the regime's ability to steal digital assets but also pose significant risks to global cybersecurity. Arabian Post – Crypto News Network


Int'l Business Times
08-05-2025
- Business
- Int'l Business Times
G7 Leaders Consider Discussing North Korea's Crypto Threat At Canada Summit: Report
- Sources told Bloomberg that G7 leaders were considering whether the matter was worth discussing at the summit
- Lazarus Group is at the center of crypto thefts, as the latest data showed that the North Korea-linked hacking group holds over $800M in crypto
- The hackers are associated with the $1.4 billion and $230 million exploits of Bybit and WazirX, respectively

Leaders of the Group of Seven (G7) countries are reportedly weighing whether they should include North Korea-backed cyberattacks and cryptocurrency thefts during their much-anticipated summit in Canada next month. G7 leaders are increasingly aware of the "alarming" cyber activities of North Korea-linked hackers, and the matter may arise during the summit, Bloomberg reported Wednesday, citing sources familiar with plans around the summit.

Digital assets in the spotlight ahead of G7 summit

Leaders of the G7 nations, which consist of the United States, United Kingdom, Canada, Italy, France, Germany, and Japan, are heading to Alberta, Canada, in June to discuss various aspects of economic and geopolitical matters at a time when the world is fast-moving toward a digital financial era. Digital assets and cryptocurrencies are becoming major payment mediums, and with crypto exchange-traded funds (ETFs) driving institutional interest, hackers linked to the North Korean regime are also evolving to match the momentum. Data from onchain analytics firm Arkham Intelligence shows that as of early Thursday, North Korea's Lazarus Group, a notorious hacking group linked to multiple cyberattacks and crypto thefts over the years, holds over $819 million worth of crypto assets, including a staggering 8,032 Bitcoin (worth approximately $799 million). In 2023, a White House official revealed that about half of North Korea's missile program has been funded by cyberattacks and crypto theft, raising serious concerns about the country's capabilities in deploying mass attacks.

While the agenda of the June summit has not been finalized yet, at least two G7 nations -- the U.S. and Japan -- have already moved to sanction individuals and entities behind cyberattacks associated with North Korean hackers. Notably, President Donald Trump's re-entry into the White House has put crypto into the global spotlight as he vowed to make America the global crypto superpower. It is unclear if his administration will raise the matter of crypto theft threats during the summit.

Lazarus Group deals massive losses to crypto industry

Over the years, Lazarus Group has been held responsible by crypto sleuths and researchers for some of the most devastating attacks in the industry. Most recently, in February, leading crypto exchange Bybit suffered a $1.4 billion exploit that marked the largest single heist in crypto and blockchain history. Prominent crypto sleuth ZachXBT pointed to Lazarus Group as the exchange's attacker, as confirmed by Arkham, which launched a bounty into the exploit. Likewise, ZachXBT said the $230 million exploit of Indian crypto exchange giant WazirX "has the potential markings of a Lazarus Group attack (yet again)." That exploit took place in mid-2024, resulting in millions in losses to WazirX users.


Arabian Post
04-05-2025
- Business
- Arabian Post
Kraken Thwarts North Korean Agent's Attempted Infiltration via Job Interview
A North Korean operative's attempt to infiltrate Kraken, a prominent cryptocurrency exchange, through a deceptive job interview has been successfully thwarted, highlighting the increasing sophistication of state-sponsored cyber-espionage tactics targeting the digital asset industry. The incident involved an individual posing as a qualified IT professional, leveraging fabricated credentials and a falsified identity to secure a remote position within Kraken. The operative's strategy included the use of advanced social engineering techniques, such as deepfake technology and AI-generated documentation, to bypass standard hiring protocols. However, Kraken's vigilant recruitment team identified inconsistencies during the interview process, leading to the exposure of the applicant's true affiliation. This event underscores a broader pattern of North Korean cyber operations aimed at the cryptocurrency sector. The Lazarus Group, a hacking collective linked to North Korea's Reconnaissance General Bureau, has been implicated in numerous cyberattacks resulting in substantial financial losses. Notably, the group orchestrated a $37 million theft from CoinsPaid in July 2023 by deceiving an employee into downloading malware under the guise of a job-related task. The United Nations has reported that North Korea employs over 4,000 IT workers globally, generating approximately $600 million annually to fund its nuclear weapons program. These operatives often assume false identities and secure positions in tech firms, exploiting the remote work culture to mask their true origins. In the United Kingdom, authorities have urged companies to conduct in-person or video interviews to mitigate the risk of hiring imposters. A recent analysis revealed that a single North Korean agent operated under 12 different personas across Europe and the U.S., infiltrating sensitive sectors including defense and government. 
The FBI has also issued warnings about North Korean schemes involving fake job offers and investment opportunities designed to trick individuals into downloading malware. These social engineering attacks are characterized by their complexity and the use of sophisticated technical acumen to compromise even well-versed cybersecurity professionals. Cybersecurity experts emphasize the need for rigorous hiring practices, including thorough background checks and identity verification, to counteract these threats. Companies are advised to be wary of applicants who avoid video interviews, request payment through unconventional means, or exhibit inconsistencies in their professional histories.