The notorious Lazarus Group just tried to pull a fast one on BitMEX, and tripped over their own shoelaces. In a May 30 blog post, the crypto exchange said it successfully blocked a phishing attempt from the North Korea-linked hackers, describing their techniques as anything but cutting-edge.

The plot? A classic case of LinkedIn make-believe. An unsuspecting BitMEX employee was approached under the guise of a Web3 NFT collab. Cue eye roll. The scammer dangled a GitHub project stuffed with malicious code, hoping the target would bite. Spoiler: they didn’t.

BitMEX’s security team spotted the shady JavaScript payload in no time and linked it back to infrastructure previously used by Lazarus. “The interaction is pretty much known if you are familiar with Lazarus’ tactics,” BitMEX shrugged.

Clumsy Hackers, Big Consequences

In a twist that’d make any spy thriller blush, one IP address tied to the attack turned out to be in Jiaxing, China, just 100 km from Shanghai. North Korea’s digital ghosts really aren’t great at covering their tracks.

According to BitMEX, Lazarus tends to lead with cheap tricks (phishing, fake job offers, that sort of thing) before unleashing more advanced mischief. Think of it as hacking with training wheels before pulling off smart contract tampering and cloud shenanigans.

Turns out, not all of Lazarus’ digital ninjas are created equal. Their operations seem split across subgroups, some sharp, others… well, less so. “Many documented examples show how sloppy some of these frontline teams are,” BitMEX noted, comparing their early-stage bungles to the more refined chaos that follows.

Billions Stolen and Missiles Funded

But don’t let the amateur-hour act fool you. According to Chainalysis, crypto losses linked to North Korean hackers hit $1.34 billion in 2024 alone, a record high and a whopping 102% leap over 2023’s $660 million.

And the hits just keep on coming. In February, the group drained over $1.5 billion from Bybit, all thanks to one compromised employee at Safe Wallet clicking the wrong thing. Another Lazarus caper targeted Radiant Capital, this time using a malicious PDF to slide in the backdoor.

Nominis CEO Snir Levi had a blunt warning: “Lazarus is out there trying to scam people every single day.” Despite their growing notoriety, they’re not slowing down.

BitMEX’s reveal follows a May report from Kraken, which also flagged a Lazarus job-hunting attempt. The bigger picture? These crypto raids may be more than just theft. U.S. officials say they help bankroll North Korea’s missile program, with some estimates claiming the stolen funds could be covering half the regime’s weapons budget.

So yes, while Lazarus sometimes looks like the digital equivalent of a prank call, they’re still pulling off billion-dollar heists. Let’s just say BitMEX won this round, but it’s still game on.
