North Korean Hackers Lure Victims with Bogus NFT Game in Crypto Heist

• North Korean Hackers used a fake NFT game to exploit a Google Chrome vulnerability, targeting crypto wallets.
• The attackers created a clone of DeTankZone game with embedded malicious code that could infect devices without downloads.
• Kaspersky Labs discovered the zero-day vulnerability in Chrome’s V8 JavaScript engine that allowed remote code execution.
• The Lazarus Group has stolen over $3 billion in digital assets between 2017 and 2023.
• Social engineering tactics included AI-generated marketing and crypto influencer engagement to promote the malicious game.

Security researchers have identified a complex cyberattack allegedly conducted by north korea‘s Lazarus Group using a counterfeit NFT-based game to compromise cryptocurrency wallets through a Google Chrome security flaw.

Technical Details of the Attack

According to Kaspersky Labs analysts Boris Larin and Vasily Berdnikov, who documented the attack, the hackers created a clone of a blockchain game called DeTankZone, marketing it as a P2E MOBA game.

The malicious website, detankzone[.]com, contained code that could infect visitors’ devices without requiring any downloads. The attack exploited a critical vulnerability in Chrome’s V8 JavaScript engine, bypassing security measures and enabling remote code execution.

The hackers deployed an advanced Malware called Manuscrypt, which gave them control over infected systems. While Google patched the vulnerability following Kaspersky’s report, the attackers had already successfully exploited it.

Sophisticated Social Engineering Campaign

The attack’s sophistication extended beyond technical exploitation. The hackers implemented an extensive social engineering strategy, including:

• Professional website development
• Premium LinkedIn accounts
• AI-generated marketing materials
• Engagement with prominent crypto influencers
• Promotion across social media platforms

The fake game was fully functional, complete with 3D models, logos, and gameplay elements, adding credibility to the deception.

Lazarus Group’s Cryptocurrency Theft History

The group’s involvement in cryptocurrency theft has been substantial:

• On-chain investigator ZachXBT linked them to over 25 crypto hacks between 2020-2023, resulting in $200 million in stolen funds
• The U.S. Treasury Department identified them as responsible for the $600 million Ronin Bridge hack in 2022
• According to 21.co’s September 2023 data, the group held $47 million in various cryptocurrencies

Their total cryptocurrency theft between 2017 and 2023 amounts to more than $3 billion, highlighting their significant impact on the cryptocurrency ecosystem.

Current Holdings and Impact

Recent data from 21Shares’ parent company shows the group maintains substantial positions in various cryptocurrencies, including:

• Bitcoin (BTC)
• Binance Coin (BNB)
• Avalanche (AVAX)
• Polygon (MATIC)

This incident represents the latest evolution in cryptocurrency-focused cyberattacks, demonstrating how malicious actors combine technical exploitation with social engineering to target digital assets.

The case serves as a reminder for cryptocurrency investors to maintain vigilance when interacting with new blockchain-based applications and to keep their browsers updated with the latest security patches.

Previous Articles:

• Stripe Snaps Up Bridge as Bluesky Secures $15M Funding Boost
• Bitcoin Dev Todd Takes Security Steps After Satoshi Speculation Surfaces
• Tesla’s Bitcoin Drama: Why Crypto Markets Now Shrug Off Musk’s Moves
• Warriors Partner with Coinbase to Enhance Fan Experience Through Blockchain
• Diamante: Redefining Blockchain with a Quantum-Resilient Hybrid Network