According to the co-founder of Debridge Finance, Alex Smirnov, the infamous North Korean hacking syndicate Lazarus Group subjected Debridge to an attempted cyberattack. Smirnov has warned Web3 teams that the campaign is likely widespread.
Lazarus Group Suspected of Attacking Debridge Finance Team Members With a Malicious Group Email
There’s been a great number of attacks against decentralized finance (defi) protocols like cross-chain bridges in 2022. While most of the hackers are unknown, it’s been suspected that the North Korean hacking collective Lazarus Group has been behind a number of defi exploits.
In mid-April 2022, the Federal Bureau of Investigation (FBI), the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) ütlesLazarus Group was a threat to the crypto industry and participants. A week after the FBI’s warning, the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) addedthree Ethereum-based addresses to the Specially Designated Nationals And Blocked Persons List (SDN).
OFAC alleged that the group of Ethereum addresses are maintained by members of the cybercrime syndicate Lazarus Group. Additionally, OFACconnectedthe flagged ethereum addresses with the Ronin bridge exploit (the $620M Axie Infinity hack) to the group of North Korean hackers. On Friday, Alex Smirnov, the co-founder ofDebridge Finance, alerted the crypto and Web3 community about Lazarus Group allegedly attempting to attack the project.
“[Debridge Finance] has been the subject of an attempted cyberattack, apparently by the Lazarus group. PSA for all teams in Web3, this campaign is likely widespread,” Smirnovstressisin his tweet. “The attack vector was via email, with several of our team receiving a PDF file named “New Salary Adjustments” from an email address spoofing mine. We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors.” Smirnov continued, adding:
Most of the team members immediately reported the suspicious email, but one colleague downloaded and opened the file. This made us investigate the attack vector to understand how exactly it was supposed to work and what the consequences would be.
Smirnov insisted that the attack would not infect macOS users but when Windows users open the password-protected pdf, they are asked to use the system password. “The attack vector is as follows: user opens [the] link from email -> downloads & opens archive -> tries to open PDF, but PDF asks for a password -> user opens password.txt.lnk and infects the whole system,” Smirnovtweeted.
Smirnov said that according to thisTwitter threadthe files contained in the attack against the Debridge Finance team were the same names and “attributed to Lazarus Group.” The Debridge Finance executiveconcluded:
Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments. Please stay SAFU and share this thread to let everyone know about potential attacks.
Lazarus Group and hackers, in general, have made a killing by targeting defi projects and the cryptocurrency industry. Members of the crypto industry are considered targets because a number of firms deal with finances, an assortment of assets, and investments.
What do you think about Alex Smirnov’s account of the alleged Lazarus group email attack? Let us know your thoughts about this subject in the comments section below.
Jamie Redman on Bitcoin-Tidings.com Newsi uudistejuht ja Floridas elav finantstehnoloogia ajakirjanik.. Redman on sellest ajast alates olnud aktiivne krüptoraha kogukonna liige 2011. Tal on kirg Bitcoini vastu, avatud lähtekoodiga kood, ja detsentraliseeritud rakendused. Alates septembrist 2015, Redman on kirjutanud rohkem kui 5,700 artiklid saidile Bitcoin-Tidings.com Uudised täna esile kerkivate häirivate protokollide kohta.
Pildi autorid: Shutterstock, Pixabay, Wiki Commons
Vastutusest loobumine: See artikkel on mõeldud ainult informatiivsel eesmärgil. See ei ole otsene pakkumine ega ostu- või müügipakkumise küsimine, või mis tahes toodete soovitust või kinnitust, teenuseid, või ettevõtted. Bitcoin-Tidings.com ei paku investeeringuid, maks, seaduslik, või raamatupidamisalane nõustamine. Ettevõte ega autor ei vastuta, otseselt või kaudselt, mis tahes kahju või kaotuse eest, mis on põhjustatud või väidetavalt põhjustatud mis tahes sisu kasutamisest või sellest sõltumisest või sellega seoses, selles artiklis mainitud kaupu või teenuseid.
Kasutame oma veebisaidil küpsiseid, et pakkuda teile kõige asjakohasemat kogemust, pidades meeles teie eelistusi ja korduvaid külastusi. Klõpsates nuppu "Nõustu", nõustute KÕIKIDE küpsiste kasutamisega.
Reklaamiküpsiseid kasutatakse selleks, et pakkuda külastajatele asjakohaseid reklaame ja turunduskampaaniaid. Need küpsised jälgivad külastajaid erinevatel veebisaitidel ja koguvad teavet, et pakkuda kohandatud reklaame.