Debridge Finance Suspects North Korean Hacking Group Lazarus Of Attacking Protocol Team

According to Debridge Finance co-founder Alex Smirnov, the notorious North Korean hacking syndicate Lazarus Group targeted Debridge in an attempted cyberattack. Smirnov warned Web3 groups that the campaign is likely to go mainstream.

Lazarus Group suspected of attacking members of Debridge Finance Group with malicious email

There have been a large number of attacks on decentralized finance (defi) protocols such as cross-chain bridges in 2022. While many of the hackers are unknown, the North Korean hacking collective Lazarus Group is suspected of being behind a number of these exploits.

In mid-April 2022, the Federal Bureau of Investigation (FBI), the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) declared the Lazarus Group to be a threat to the crypto industry and its participants. A week after the FBI’s warning, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added three Ethereum-based addresses to the Specially Designated Nationals and Blocked Persons (SDN) list.

OFAC has alleged that the group of Ethereum addresses is operated by members of the cybercrime syndicate Lazarus Group. Additionally, OFAC has linked the flagged Ethereum addresses, and through them the North Korean hacker group, to the Ronin bridge exploit (the $620 million Axie Infinity hack). On Friday, Alex Smirnov, the co-founder of Debridge Finance, alerted the crypto and Web3 community that the Lazarus Group had allegedly tried to attack the project.

“[Debridge Finance] was the subject of an attempted cyberattack, apparently by the Lazarus group. PSA for all Web3 groups, this marketing campaign is probably going mainstream,” Smirnov stressed in his tweet. “The attack vector was via email, with several members of our team receiving a PDF titled ‘New Salary Changes’ from an email spoofing mine. We have strict homeland security insurance policies and are constantly working to improve them in addition to educating the crew on possible assault vectors.” Smirnov continued, adding:

Many crew members immediately reported the suspicious email, but a colleague downloaded and opened the file. This led us to look at the aggression vector to understand how precisely it was supposed to work and what the implications might be.

Smirnov insisted that the attack would not infect macOS users, but when Windows users open the password-protected PDF, they are prompted to use the system password. “The assault vector is the following: the consumer opens [the] email hyperlink -> downloads and opens archive -> tries to open PDF, but PDF asks for password -> consumer opens password.txt.lnk and infects whole system,” Smirnov tweeted.
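As an added illustration (not code from the article or from Debridge), the sketch below shows how a mail gateway or triage script could flag an archive like the one described above: it reports entries with a deceptive double extension such as password.txt.lnk, and, going one step beyond the case in the tweet, entries whose first bytes are a Windows shortcut header under any name. It assumes the archive is a ZIP; the extension lists and the in-memory sample are constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link header: HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Assumed policy lists; tune them for your own mail gateway.
LAUNCHABLE = {".lnk", ".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd"}
DECOY = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def scan_archive(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious ZIP entry name to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            ext = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            # Explorer never shows ".lnk", so "password.txt.lnk" is displayed
            # as "password.txt" even when known extensions are visible.
            if len(ext) >= 2 and ext[-1] in LAUNCHABLE and ext[-2] in DECOY:
                reasons.append("double extension")
            if info.flag_bits & 0x1:
                reasons.append("encrypted entry, content not inspected")
            else:
                with zf.open(info) as fh:  # read only the header bytes
                    if fh.read(len(LNK_MAGIC)) == LNK_MAGIC:
                        reasons.append("shell link content")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed attachment modelled on the file names quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Changes.pdf", b"%PDF-1.7 constructed decoy")
        zf.writestr("password.txt.lnk", LNK_MAGIC + bytes(56))
        zf.writestr("readme.txt", LNK_MAGIC + bytes(56))  # renamed shortcut
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_archive(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```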

Smirnov stated that, according to this Twitter thread, the names seen in the attack on the Debridge Finance team were the same and “attributed to Lazarus Group.” The Debridge Finance co-founder concluded:

Never open email attachments without checking the sender’s full name and have an internal protocol on how your team shares attachments. Please keep SAFU and share this thread so everyone is aware of potential assaults.

The Lazarus Group and hackers in general have made a killing targeting defi projects and the cryptocurrency industry. Members of the crypto industry are prime targets, as various businesses manage funds, an assortment of assets, and investments.



Jamie Redman
