BitMEX thwarts Lazarus Group hack, exposing hackers’ code flaws and IP addresses, revealing operational security lapses.
The malware displayed notably weak operational security, enabling BitMEX to track several members’ IP addresses and active hours. However, BitMEX noted it only outsmarted Lazarus’ less skilled hackers, not their top operatives.
BitMEX Confronts Lazarus Group
The Lazarus Group, a notorious North Korean hacking collective behind the largest crypto heist ever, has stolen and laundered massive sums using advanced DeFi networks.
Yet, as detailed in a recent blog post, their recent attempt to infiltrate BitMEX was thwarted.
A Lazarus hacker tried to deceive a BitMEX employee with a fake Web3 NFT marketplace collaboration request. The employee alerted security, who engaged the scammer to obtain the malware. BitMEX analysts then dissected it, gaining insights into the group’s structure:
“Over the past few years, it seems the group has split into various subgroups with differing technical expertise. This is clear from the sloppy practices of ‘frontline’ groups executing social engineering attacks compared to the more advanced post-exploitation methods,” BitMEX stated.
The initial malware was poorly crafted, allowing BitMEX to uncover a list of IP addresses from compromised systems and detect test runs.
One China-based Lazarus member left revealing data in the database, which BitMEX used to profile other members and their working hours.
BitMEX’s efforts help dismantle the Lazarus Group’s image of being untouchable and highly skilled. As a veteran derivatives exchange, BitMEX is an unexpected player in uncovering these flaws.
Rather than a renowned crypto investigator, a private firm, recently out of the spotlight, cracked this case.
Still, the victory should not be overstated. The Lazarus Group deployed their less capable team for the BitMEX attack, but their elite hackers could have exploited a successful breach.
BitMEX took advantage of the group’s poor operational security, but its members remain anonymous. They are likely to achieve future successes against less secure targets.
