On Friday, Alex Smirnov, co-founder and project lead of DeBridge Finance, took to Twitter to disclose that his company was the target of an attempted hack by the notorious North Korean Lazarus Group. Smirnov said that the attack came from North Korea.
For the purpose of transferring data and assets from one blockchain to another, DeBridge offers a protocol that facilitates cross-chain interoperability and liquidity.
The attack was carried out via a spoofed email that purported to originate from Smirnov and was received by multiple members of the DeBridge team. The email carried a PDF attachment named “New Salary Adjustments.”
Email spoofing is a type of cyber attack in which a malicious email is made to appear as though it came from a reliable source, in this example from the company’s co-founder.
According to Smirnov, “We have stringent internal security measures, and we work regularly on enhancing them as well as educating the team about probable attack routes.”
Smirnov added that despite this, one individual did download and open the file, which resulted in an assault being launched against the company’s internal systems. This led to an inquiry into the origin of the attack, how the hackers intended for the attack to work, and any potential ramifications of the attack.
“Fast analysis showed that the code collected A LOT of information about the PC and exported it to [the attacker’s command center],” Smirnov said. “This information includes the username, information about the operating system and CPU, information about network adapters, and information about running processes.”
Smirnov made the connection between what DeBridge saw and a different post on Twitter made by a different user that displayed similar features and pointed to the North Korean cyber group.
1/ @deBridgeFinance has been the subject of an attempted cyberattack, apparently by the Lazarus group.
PSA for all teams in Web3, this campaign is likely widespread. pic.twitter.com/P5bxY46O6m
— deAlex (@AlexSmirnov__) August 5, 2022
Smirnov cautioned others who followed him to never open email attachments without first checking the complete email address of the sender, and he urged them to establish an internal process for how their team communicates attachments.
18/ TL;DR: Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments!
Please stay SAFU and share this thread to let everyone know about potential attacks 🔐 🤝
— deAlex (@AlexSmirnov__) August 5, 2022
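The sender-verification rule in the thread above, turned into a header check that a mail gateway or a triage script could apply (an added example, not code from deBridge or the article). The corporate domain, the roster of impersonation targets and the sample message are constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed corporate domain and roster of impersonation targets (constructed, not deBridge's real data)
CORP_DOMAIN = "example.com"
KNOWN_SENDERS = {"alex smirnov": "alex@example.com"}  # lower-cased display name -> real address
AUTH_FAILS = ("spf=fail", "dkim=fail", "dmarc=fail")

# Constructed sample resembling the lure described in the article: the co-founder's name as the
# display name, a look-alike domain, a Reply-To pointing elsewhere, and a PDF attachment.
SAMPLE = b"""From: Alex Smirnov <alex.smirnov@example-mail.net>
Reply-To: hr-desk@example-mail.net
To: team@example.com
Subject: New Salary Adjustments
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-mail.net
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/pdf; name="New Salary Adjustments.pdf"
Content-Disposition: attachment; filename="New Salary Adjustments.pdf"

%PDF-1.4 placeholder
--b1--
"""

def check_message(raw: bytes) -> list[str]:
    """Return the reasons a message fails the 'verify the full sender address' check (empty = clean)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    real = KNOWN_SENDERS.get(name.strip().lower())
    if real and addr != real:  # display name of a known person, but a different mailbox
        findings.append(f"display name '{name}' belongs to {real}, message is from {addr}")
    if domain != CORP_DOMAIN:
        findings.append(f"sender domain '{domain}' is not the corporate domain")
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reply.lower() != addr:
        findings.append(f"Reply-To {reply} differs from From {addr}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    findings += [f"authentication result contains {tag}" for tag in AUTH_FAILS if tag in auth]
    if findings:  # an attachment only becomes a finding once the sender could not be verified
        for part in msg.iter_attachments():
            findings.append(f"attachment '{part.get_filename()}' from unverified sender")
    return findings
```

Running `check_message(SAMPLE)` reports five findings for the constructed lure, while a message from the roster address on the corporate domain returns an empty list.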
Increasing Activity of Lazarus Group
The Lazarus Group is suspected of being behind a number of high-profile cryptocurrency thefts, including the theft of $622 million worth of ether from the Axie Infinity Ronin Ethereum sidechain in March and the hacking of the Harmony Horizon Bridge cryptocurrency exchange in June.
“These kinds of assaults take place with some regularity,” observes David Schwed, chief operating officer of blockchain security company Halborn. “They capitalize on people’s natural tendency to be curious by giving the files names that are likely to stimulate that curiosity, such as ‘salary information.’”
“The increased stakes as a result of the immutability of blockchain transactions are causing us to see more and more of these types of attacks specifically targeting blockchain companies,” Schwed continued.