Alex Smirnov, co-founder of Debridge Finance, said that the North Korean hacking group Lazarus Group attempted a cyberattack on Debridge. Smirnov warned Web3 users that the campaign is likely widespread.
Lazarus Group Suspected of Attacking Debridge Finance Team Members With Malicious Email
There’s been a great number of attacks against decentralized finance (defi) protocols like cross-chain bridges in 2022. While most of the hackers are unknown, it’s been suspected that the North Korean hacking collective Lazarus Group has been behind a number of defi exploits.
In mid-April 2022 the Federal Bureau of Investigation and the U.S. Treasury Department warned that Lazarus Group posed a danger to participants in the cryptocurrency industry. A week after the FBI’s warning, the Treasury Department’s Office of Foreign Assets Control (OFAC) added three Ethereum-based addresses to the Specially Designated Nationals and Blocked Persons List (SDN).
OFAC stated that Lazarus Group members are responsible for maintaining the Ethereum addresses, and it further connected the flagged addresses and the Ronin bridge exploit (the 620M Axie Infinity hack) to the North Korean hacking group. On Friday, Alex Smirnov, Debridge Finance’s co-founder, alerted the Web3 and crypto communities to the possibility that Lazarus Group was attempting to attack the project.
“[Debridge Finance] Apparently, the Lazarus Group attempted a cyberattack on the site. PSA for all teams in Web3, this campaign is likely widespread,” Smirnov stressed in his tweet. “The attack vector was via email, with several of our team receiving a PDF file named ‘New Salary Adjustments’ from an email address spoofing mine. We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors.” Smirnov continued, adding:
The suspicious email was reported by most members of the team; however, one person downloaded and opened it. We investigated the attack vector and discovered how it worked.
Smirnov said that although the malware would not affect macOS users, Windows users who open the password-protected PDF will be asked for the system password. “The attack vector is as follows: user opens [the] link from email -> downloads & opens archive -> tries to open PDF, but PDF asks for a password -> user opens password.txt.lnk and infects the whole system,” Smirnov tweeted.
According to Smirnov’s Twitter thread, the files used in the attack against the Debridge Finance team carried the same names as files previously “attributed to Lazarus Group.” The Debridge Finance executive concluded:
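Two defensive checks that follow from the lure Smirnov describes: an archive member with a deceptive double extension (“password.txt.lnk” looks like a text file but is a Windows shortcut) and a From address spoofing a colleague. This is added illustrative code, not Debridge’s tooling; the sample archive, addresses and domain are constructed.

```python
"""Hypothetical mail-gateway checks for the lure described above."""
import io
import zipfile
from email.utils import parseaddr

# Suffixes that execute on double-click in Windows. A name such as
# 'password.txt.lnk' hides the real suffix behind a harmless-looking one.
EXECUTABLE_SUFFIXES = {".lnk", ".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd"}


def deceptive_entries(archive_bytes: bytes) -> list[str]:
    """Return archive member names whose final suffix is executable.

    Double-extension names ('password.txt.lnk') are the masquerade the
    report describes; a bare '.lnk' inside an emailed archive is flagged too.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            basename = name.lower().rsplit("/", 1)[-1]
            suffix = "." + basename.rsplit(".", 1)[-1] if "." in basename else ""
            if suffix in EXECUTABLE_SUFFIXES:
                flagged.append(name)
    return flagged


def sender_is_spoofed(from_header: str, return_path: str, org_domain: str) -> bool:
    """True when the visible From claims the org's domain but the envelope
    sender (Return-Path) does not, or when the display name is itself an
    address that differs from the real sender's domain."""
    display, from_addr = parseaddr(from_header)
    _, envelope = parseaddr(return_path)
    from_domain = from_addr.rpartition("@")[2].lower()
    env_domain = envelope.rpartition("@")[2].lower()
    if envelope and from_domain == org_domain and env_domain != org_domain:
        return True
    if "@" in display and from_domain != org_domain:
        return True
    return False


def build_sample_archive() -> bytes:
    """Constructed sample mirroring the reported lure; contents are dummies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Adjustments.pdf", b"%PDF-1.7 dummy")
        zf.writestr("password.txt.lnk", b"L\x00\x00\x00 dummy shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    print(deceptive_entries(build_sample_archive()))
    print(sender_is_spoofed('"Alex" <alex@example.org>', "<x@evil.example>", "example.org"))
```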
Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments. To alert everyone about possible attacks, please be safe and keep this thread open.
Lazarus Group and other cybercriminals have profited enormously by targeting the crypto industry and defi projects. The industry is a target because many of its firms deal directly with investments and finances.