- BitMEX stopped a phishing attempt by the North Korea-linked Lazarus Group targeting its staff for a crypto scam.
- The attacker used social engineering on LinkedIn, posing as a collaborator on Web3 NFTs, and sent code from GitHub meant to infect the victim’s computer.
- BitMEX said it found an obfuscated JavaScript payload, traced back to Lazarus Group infrastructure, and noticed a related IP address in Jiaxing, China.
- Experts report that Lazarus Group relies on social engineering and simple phishing to gain access, but has used more complex hacks after initial contact.
- Chainalysis reported $1.34 billion in stolen cryptocurrency linked to North Korea in 2024, making up 61% of global crypto thefts that year.
On May 30, crypto exchange BitMEX reported it blocked a phishing attack by the Lazarus Group, a hacking organization from North Korea known for targeting the crypto industry. The attempt involved reaching out to a BitMEX employee on LinkedIn under the pretense of working together on a Web3 NFT project.
According to a blog post by BitMEX, the attacker tried to trick the employee into running a GitHub project loaded with malicious code, a method frequently used by Lazarus. The exchange said its security team quickly recognized harmful JavaScript hidden in the code and connected it to past Lazarus operations.
“The interaction is pretty much known if you are familiar with Lazarus’ tactics,” BitMEX wrote. The company also discovered that an IP address linked to the attack came from Jiaxing, China, about 100 kilometers from Shanghai. BitMEX described Lazarus’ methods as “relatively unsophisticated,” usually starting with phishing to get into a target’s systems.
Investigators and experts believe Lazarus’ activities are split among several subgroups, some using basic schemes like fake job offers or phishing, while others carry out more advanced attacks after gaining initial access. Chainalysis estimates North Korea-linked hackers stole $1.34 billion in cryptocurrency across 47 incidents in 2024, a 102% rise from 2023 and the highest on record.
Nominis CEO Snir Levi told Decrypt that Lazarus continues to use a variety of techniques to steal cryptocurrency. “Based on the complaints we collect from individuals, we can assume that they are trying to defraud people on a daily basis,” he said.
Past incidents by Lazarus include a hack involving over $1.4 billion drained from Bybit in February, which also began with a social engineering attack. Other operations have involved sending malicious PDFs, tampering with smart contracts, and manipulating cloud systems. The recent BitMEX incident adds to a series of public claims, including a recent Kraken report of a North Korean hiring attempt.
Officials say funds stolen by such groups often fill the budgets for North Korea’s weapons programs, supplying as much as half of the regime’s missile development funding, according to some reports.