In 2022, the crypto industry witnessed several attacks against DeFi protocols such as cross-chain bridges.
The majority of these hackers remain unknown. However, a North Korean hacking collective, Lazarus Group, is suspected of many of these DeFi exploits.
Lazarus Group was declared a threat to the crypto community by the U.S. Treasury Department, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) in mid-April 2022. A week after the FBI's warning, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) added three Ethereum addresses to the Specially Designated Nationals and Blocked Persons (SDN) List.
OFAC has accused Lazarus Group of maintaining the Ethereum addresses. In addition, OFAC connected the flagged Ethereum addresses and the Ronin Bridge exploit (the $620M Axie Infinity hack) to the North Korean hacking group. On Friday, Alex Smirnov, co-founder of Debridge Finance, warned the crypto community about Lazarus Group trying to attack the project.
In a tweet, Smirnov said that Lazarus Group had attempted to attack Debridge Finance and that the campaign is quite widespread, targeting all teams in Web3. The attack was carried out through email. Smirnov shared that his team received a PDF file named "New Salary Adjustments" from an email address spoofing his own. The founder revealed that the company has a strict security policy and continuously works on improving it while keeping the team on board with it.
As a result, the majority of team members reported the suspicious email. One employee, however, did download and open the file, which allowed the team to understand how it worked and what the consequences could be. Smirnov further explained that the attack could not affect macOS users, but on Windows the PDF was password-protected and asked for the system password.
Smirnov disclosed that the files used in the attack had the same names and belonged to Lazarus Group. Executives at Debridge Finance have advised not to open email attachments without verifying the sender's full email address.
Source: https://www.thecoinrepublic.com/2022/08/07/debridge-finance-accuses-north-korean-hackers-lazarus-group-of-cyberattack/