A cybersecurity firm yesterday reported that a group of notorious hackers from North Korea was able to steal $3 billion worth of cryptocurrency from users by devising a fake blockchain game. Kaspersky Lab said that the Lazarus Group took advantage of a key vulnerability in the Google Chrome browser that allowed them to drain the crypto wallets of their victims.
It was reported that the North Korean hackers used the fake game to steal more than $3 billion in cryptocurrency — an operation the group successfully conducted within a six-year period, from 2016 to 2022.
The heist is the adverse consequence of Google’s failure to patch a vulnerability in the Chrome browser.
Meanwhile, a blockchain detective conducting a separate investigation found that the Lazarus Group executed 25 hacking attacks, laundering $200 million worth of crypto.
It also uncovered the existence of a network of developers in North Korea that works for “established” cryptocurrency projects. The network allegedly gets a monthly paycheck of $500,000.
Vasily Berdnikov and Boris Larin, analysts of Kaspersky Labs, said that the Lazarus Group created a fake game called DeTankZone or DeTankWar that revolves around Non-Fungible Tokens (NFTs) to siphon the crypto wallets of their victims.
The analysts revealed that the hackers made use of the zero-day vulnerability in the Chrome browser in their unscrupulous act.
Website appearance and the hidden exploit loader. Source: Kaspersky Lab
Berdnikov and Larin explained that hackers used the fake game to persuade their victims and led them to a malicious website, which inject malware into their computers called Manuscript.
With the use of Manuscript, the hackers were able to corrupt Chrome’s memory, allowing them to obtain users’ passwords, authentication tokens, and everything they needed to steal the crypto of their unwitting victims.
Kaspersky Lab analysts discovered what the Lazarus Group was doing in May. Berdnikov and Larin immediately relayed to Google the issue so the platform could fix the vulnerability.
However, Google was unprepared to address the zero-day vulnerability issue, taking them 12 days to fix the vulnerability.
Boris Larin, a principal security expert from Kaspersky Lab, said that the notable effort invested by the hacker group in the said hacking campaign indicates that the group has an ambitious plan.
Larin noted that what the group has done might have broader impact than previously thought.
The Lazarus Group is a reminder that the battle against hackers continues. Chrome’s vulnerabilities emphasized that platforms should always ensure that their security measures are updated and be vigilant of cybersecurity threats.
Featured image from Le Parisien, chart from TradingView
WARNING: This article deals with suicide. Discretion is advised. Laurenta and Randall Colombe say their…
The ALPS Sector Dividend Dogs ETF (SDOG) is capturing a market rotation away from technology…
Trump has launched strikes on Iran while Congress debates war powers.Inside the Washington bubble, we…
Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure Ethereum saw…
A union representing Saskatchewan library workers says they are dealing with escalating threats and violence.…
As AI and machine learning are increasingly becoming part of day-to-day conversations, it may be…