North Korean Hackers Steal Over $3 Billion in Crypto via Fake Blockchain Game
In a striking revelation, a cybersecurity firm has uncovered that a notorious hacking group from North Korea has managed to steal over $3 billion in cryptocurrency through a fraudulent blockchain game.
According to Kaspersky Lab, the Lazarus Group exploited a critical vulnerability in the Google Chrome browser, which enabled them to drain the crypto wallets of unsuspecting users.
The investigation revealed that the hackers executed this extensive operation from 2016 to 2022, utilizing a fake game named DeTankZone or DeTankWar that focused on Non-Fungible Tokens (NFTs) to lure victims. Analysts Vasily Berdnikov and Boris Larin noted that the hackers directed their targets to a malicious website, where malware called Manuscript was deployed, corrupting Chrome’s memory and allowing the attackers to capture sensitive information like passwords and authentication tokens.
The hackers’ tactics were further highlighted by their execution of 25 separate attacks, during which they laundered approximately $200 million in stolen cryptocurrency. It was also discovered that a network of North Korean developers is involved with established crypto projects, reportedly earning around $500,000 per month.
READ MORE: Denmark Plans Tax on Unrealized Crypto Gains
Kaspersky Lab first identified the Lazarus Group’s activities in May and promptly alerted Google to the vulnerability. Unfortunately, it took Google 12 days to implement a fix for the zero-day exploit. Larin emphasized that the scale and organization behind the hacking campaign suggest a well-thought-out strategy, potentially signaling broader implications for the cybersecurity landscape.
This incident serves as a stark reminder of the persistent threat posed by hackers and underscores the necessity for continual updates to security measures on platforms to combat emerging cybersecurity risks.