Report: North Korean Hackers Created Realistic Trading Bot to Steal Money

North Korean hacking group Lazarus reportedly created an elaborate ruse to phish DragonEx exchange employees into installing a malware-infested trading bot.

The North Korean hacking team Lazarus Group targeted several crypto exchanges last year, Chainalysis reports. One of the attacks involved the creation of a fake but realistic trading bot website that was offered to employees of DragonEx exchange.

In March 2019 the hackers stole approximately $7 million in various cryptocurrencies from Singapore-based DragonEx exchange. Though a relatively small sum, the hackers went to great lengths to obtain it.

The group used a sophisticated phishing attack where they created a realistic website and social media presence for a fake company named WFC Proof. The supposed company had created Worldbit-bot, a trading bot that was then offered to DragonEx employees.

Screenshot of the fake website. Source: Chainalysis

Though the software allegedly resembled an actual trading bot, it contained malware that could hijack the computer it infected. Eventually the software was installed on a machine that contained the private keys to DragonEx’s hot wallet, allowing the hackers to steal the funds.

The attack is notable for its highly specific target and execution. The hackers appear to be very well versed in cryptocurrencies, even placing an ironic warning on their website to not let anyone access personal private keys.

Quick cash out

The group was previously known for parking the stolen money for up to 18 months and cashing it out once the coast seemed clear.

In 2019 they changed their behavior, choosing to exchange the money as soon as possible. In order to do this, Lazarus began using CoinJoin-enabled wallets to mix their coins.

The hackers cashed out the majority of the money in the 60 days following the attack, as opposed to almost a full year for 2018 attacks.
