ReportWire

Tag: Lazarus Group

  • CZ Warns Crypto Firms of North Korean Hacker Threats


    Binance founder Changpeng Zhao (CZ) has issued a warning to crypto projects about North Korean hackers.

    He detailed how the group is using increasingly sophisticated tactics to gain access to companies.

    Operatives Are Exploiting Hiring Process

    CZ shared his concerns via a September 18 X post, describing the hackers as “advanced, creative, and patient.” He explained how the most common method used by these individuals involves posing as job candidates to secure roles in companies, particularly in developer, security, and finance positions, giving them a “foot in the door.”

    In other cases, the group poses as employers and attempts to interview staff, using the process to distribute malware. Zhao noted that during these sessions, the attackers often claim there is a problem with Zoom and then send a link to an “update” carrying a virus, or they provide coding questions followed by “sample code” embedded with malware.

    Another tactic involves pretending to be users who file customer support requests containing malicious links. CZ added that hackers also pay or bribe employees and hired vendors to gain access to data, pointing to a recent case in India where an outsourcing service was compromised, resulting in the leak of data from a major U.S. exchange and losses exceeding $400 million.

    This alert follows the release of a report by cybersecurity group Security Alliance (SEAL), profiling over 60 impostors linked to North Korean operations. The report says that these attackers built fake LinkedIn profiles, set up GitHub portfolios, and used forged government IDs to make their applications look real.

    Shift in Methods

    North Korean hackers have always been a major threat in the crypto industry, with over $1.3 billion worth of assets stolen in 2024 alone. Traditionally, they have relied on phishing, malware, and private key compromises to loot from exchanges. However, recent reports suggest they are moving towards targeting human resources.

    A separate investigation by ZachXBT also uncovered how a small DPRK team of five IT workers operated over 30 fake identities at crypto firms. Elsewhere, Coinbase also recently reported a similar threat from these bad actors. The exchange shared that the attackers are increasingly targeting its remote worker policy to infiltrate sensitive systems.

    CEO Brian Armstrong has since announced changes to the company’s internal security protocols, including mandatory in-person onboarding in the U.S., fingerprinting, and U.S. citizenship requirements for employees with system-level access. The exchange also introduced stricter interview procedures, such as requiring cameras to remain on, to prevent impersonation and AI-assisted coaching.

    In light of the growing threat to the job market, CZ has urged crypto platforms to train their employees not to download files and to screen potential candidates carefully.


    Wayne Jones


  • Is Lazarus Group the biggest threat to crypto in this bull market? 


    Web3 security experts consider North Korea’s Lazarus Group the most prominent and sophisticated threat to the crypto industry in 2024. 

    Earlier this week, the infamous Lazarus Group reportedly funneled $12 million through crypto tumbler Tornado Cash. The funds were allegedly linked to last November’s HTX and Heco Bridge hack, which saw the platforms lose over $90 million. 

    However, this wasn’t the group’s only heist in 2023. Throughout the year, the North Korea-backed hackers compromised over $400 million worth of assets across various crypto platforms, including CoinEx, Poloniex, Stake.com, and Atomic Wallet. In 2022, the group was responsible for the biggest defi hack in history, as it compromised the Ronin Network to steal approximately $620 million.

    Lazarus’s hacks occurred during a prolonged bear market in the crypto industry, which was reeling from the effects of FTX and Terra Luna’s collapse. In 2024, with the bull market in full swing, significant tokens reaching all-time highs, and novel meme coins driving billions of dollars of inflows into the market, concerns about Lazarus are more prominent than ever.

    Lazarus hacks in the second half of 2023

    To understand how the industry should prepare for such risks, crypto.news reached out to web3 security provider Cyvers, which exclusively detected the Poloniex hack last year. 

    How does Lazarus carry out its million-dollar crypto heists? 

    According to Cyvers CEO Deddy Lavid, the Lazarus Group has shifted its cyberattack strategies significantly in 2023, targeting centralized entities with a refined and dynamic approach. Moving beyond traditional phishing and brute force methods, the group now employs AI-driven phishing campaigns and complex smart contract exploits. 

    Onchain Topologies used by Lazarus hackers | Image provided by Cyvers

    Specifically, the attacks on Poloniex and HTX focused on stealing private keys and launching a series of small attacks in a short period. The group also used pre-programmed bots to run automated attacks. The bots tend to live in a system for a long time undetected before starting to exfiltrate the assets. 

    Lavid also mentioned that Lazarus Group’s operational methods resemble military precision, reflecting a rare level of professionalism among cybercriminal syndicates. Lavid outlines a recurring pattern in their attacks: initial infiltration through social engineering, remaining dormant within the target organization for months, and stealing private keys for a series of quick, well-orchestrated attacks involving dry runs and fast, anomalous transaction rates. 

    The preparatory phase is followed by dispersing the stolen assets across multiple blockchains, eventually funneling them through mixers or exchanges for laundering. 

    So, while the crypto bull run of 2024 offers an exhilarating prospect for investors and innovators alike, it also presents an urgent call to arms for the security sector. 

    “My analysis emphasizes the need for increased security measures in the cryptocurrency and blockchain space, urging a deeper recognition of information security’s importance, a call for more security professionals, and a focus on proactive attack prevention.”

    – Deddy Lavid, CEO at Cyvers

    In 2024, Lavid foresees a crypto market that outgrows its nascent vulnerabilities to adopt a more mature approach to security.

    Crypto platforms need to allocate greater resources towards developing security expertise within companies and a holistic strategy that preempts attacks and comprehensively addresses potential fraud across the blockchain.



    Mohammad Shahidullah


  • Major crypto hacks of 2023


    Explore the biggest crypto hacks of 2023 in our comprehensive review, including the roles of notorious hacking groups and their impact on the crypto industry.

    Cryptocurrency hacks in 2023 have seen the industry lose over $1 billion, with the largest hacks occurring in the final quarters of the year. The recent bull market has marked the end of a prolonged crypto winter that started in 2022, driven by the Terra LUNA crash and the FTX collapse. However, this has also renewed hackers’ interest in the market, with more malicious threats targeting major defi protocols and crypto exchanges. 

    From the multi-million dollar heist at Mixin to the sophisticated phishing scams affecting individual investors, each hack provided a stark reminder of the ongoing battle between cybersecurity and cybercriminals in the digital age. So, what were the largest crypto hacks of 2023? Let’s find out. 

    Mixin breach ($200m): biggest crypto hack of 2023

    September 2023 saw arguably the largest recent crypto hack, as the Mixin platform suffered a staggering loss of $200 million. This incident unfolded through a data breach of Mixin’s cloud service provider. The platform could not track down the attacker or recover the stolen funds. However, Mixin committed to compensating users for half of their lost holdings.

    Euler Finance hack ($197m)

    In March 2023, Euler Finance experienced a significant hack, losing nearly $200 million. The breach was initially identified by PeckShield, a blockchain security firm, which noticed unusual transaction activity on the platform. These transactions were later confirmed as the method through which $197 million in cryptocurrency was stolen.

    However, in a rare occurrence, the stolen funds were unexpectedly returned to Euler Finance a few weeks after the hack. An apology note was included in one of the return transactions, as observed on Etherscan.

    Poloniex hack (over $120m)

    Popular crypto exchange Poloniex faced a security breach in November, leading to a loss exceeding $33 million, later revised to over $120 million. The unauthorized outflow of funds from its hot wallet affected multiple networks, including Ethereum (ETH) and Bitcoin (BTC). Justin Sun, the majority shareholder of Poloniex, reassured the community of the exchange’s financial stability and pledged full reimbursement for the lost assets.

    To resolve the situation, Sun initially offered a $10 million bounty to the cryptocurrency hackers for returning a significant portion of the funds within a week and provided wallet addresses for potential reimbursement. However, as per the latest reports, the hackers did not respond. Poloniex continues its internal investigation and remains committed to compensating affected users.

    HTX hack ($110m)

    Yet another exchange linked to Justin Sun experienced a major breach this year. HTX, formerly known as Huobi, experienced a significant security breach, leading to a net outflow of $250 million after resuming operations.

    This outflow followed the November attack in which HTX lost around $110 million, according to Sun. The incident prompted a temporary suspension of withdrawals and deposits. Despite the substantial outflow, HTX emphasized that user funds were safe.

    MultiChain rug pull ($130m)

    In July, MultiChain, a cross-chain protocol, reported suspicious withdrawals totaling $130 million, sparking concerns of a hack or rug pull. The series of transactions led to the Chinese authorities’ arrest of MultiChain’s CEO, Zhaojun, fueling speculation of insider involvement.

    Zhaojun’s devices, including phones and hardware wallets, were confiscated. The incident led to MultiChain ceasing operations, as detailed in a post on social media. The closure of MultiChain followed these events, leaving many questions about the true nature of the incident.

    Atomic Wallet hack ($100m)

    In June, Atomic Wallet, a widely-used software crypto wallet, was hacked, leading to the loss of $100 million. The breach impacted over 5,000 user accounts, with some users experiencing partial thefts and others having their wallets completely emptied.

    The initial suspicion pointed toward the Lazarus hacking group. The incident led to a class-action lawsuit from Russian investors against Atomic Wallet in August 2023. The latter claimed that the trace led to the Ukrainian group of hackers. However, there has been no proof of this statement since then.

    The company’s response to the crypto hack and the legal repercussions are yet to be fully resolved.

    CoinEx hack ($70m)

    Crypto exchange CoinEx suffered a major security breach in September, resulting in the theft of $70 million. Crypto hackers accessed numerous private keys for user hot wallets, transferring substantial amounts of various cryptocurrencies, including nearly 5,000 ETH and 231 BTC.

    Despite the significant loss, CoinEx’s cold wallets remained unaffected. The North Korean Lazarus group is suspected to be behind this attack.

    KyberSwap hack ($47m)

    The KyberSwap hack in November 2023 stands out for its complexity and the significant loss incurred. The multi-chain decentralized exchange aggregator fell victim to a smart contract reentrancy attack, leading to the theft of $47 million across various networks, including Ethereum, Polygon (MATIC), Arbitrum (ARB), and Optimism (OP).

    This breach resulted in a drastic 90% drop in KyberSwap’s total value locked, falling from $84.9 million to just $8.28 million, showcasing the severe impact of smart contract vulnerabilities.

    KyberSwap hacker demands | Source: Etherscan

    The hacker behind this attack made unusual demands, seeking total control over KyberSwap’s protocol, which included its governance mechanism and company assets. These demands, attached to a transaction on Etherscan, were unprecedented and highlighted a new level of boldness in crypto hacking.

    The hacker sought to overhaul KyberSwap’s operational structure, including employee salaries and executive buyouts. This incident reflects the technical vulnerabilities of defi platforms and underscores the evolving challenges in securing defi ecosystems against increasingly sophisticated attacks.

    Stake hack ($41m)

    September was undoubtedly one of the costliest months this year, with the number of hacks exceeding all other months in 2023. Popular crypto gambling platform Stake also suffered a breach that month, leading to a theft of $41 million.

    This hack specifically targeted users’ crypto hot wallets, and the assets stolen included Ethereum and Dai, among others. All funds were initially transferred to a single wallet, believed to belong to the hacker, and then dispersed to various other wallets. This dispersion tactic made tracking the stolen assets more challenging. The FBI’s investigation later confirmed the involvement of the North Korean Lazarus hacking group in this theft, although the stolen funds remain unrecovered.

    North Korea’s Lazarus group: state-affiliated threat in crypto hacks

    In 2023, the Lazarus Group, a North Korea-linked hacker organization, has been a prominent actor in the crypto hacking landscape. They have been responsible for over $300 million in crypto hacking incidents, accounting for approximately 17.6% of the total losses incurred in the crypto industry during the year. This contribution to the total losses highlights the group’s significant impact on the crypto space.

    Historically, the Lazarus Group has been involved in some of the largest cyberattacks, dating back to their activities against Sony Pictures in 2014. Over the years, they have shifted their focus to crypto protocols, acquiring billions of dollars from these attacks. From 2021 to 2023, approximately $1.9 billion has been stolen from various crypto projects, showcasing the group’s persistence and evolving tactics.

    In 2023, the Lazarus Group executed at least five attacks, including a notable $70 million theft from the Hong Kong-based crypto exchange CoinEx. Their strategy moved towards targeting centralized finance platforms and noncustodial crypto wallets, demonstrating keen adaptability to the changing landscape of the crypto industry.

    Despite a global decline in the overall amount of money stolen in digital asset hacks, the threat posed by groups like Lazarus remains significant. Law enforcement agencies have been actively combating these activities by tracing stolen funds and disrupting crypto mixers, which obscure illicit funds’ origins. The U.S. Treasury Department has addressed these challenges by sanctioning popular mixing services like Tornado Cash and proposing stricter regulations for decentralized platforms.

    Crypto hacks in 2024: prospects

    The surge of crypto hacks in the latter half of 2023 reflects a concerning narrative for the industry heading into 2024. The upcoming year is poised to be a crucial time for crypto, with the expectations around the Bitcoin spot ETF launch in January and the Bitcoin halving event in April.

    So, the industry is preparing for a busy 2024, and so will the hackers. Building industry-wide resilience would be the key to curbing these large-scale threats; otherwise, we might be in for a costlier new year. 

    FAQs

    Can blockchain be hacked?

    While blockchain technology is generally secure due to its decentralized and encrypted nature, it is not completely immune to hacking, especially through vulnerabilities in smart contracts or centralized points like exchanges.

    Is Bitcoin hackable?

    Bitcoin’s core blockchain protocol is highly secure, but Bitcoin exchanges and wallets can be vulnerable to hacking.

    What is the world’s largest crypto exchange hack?

    The world’s largest crypto exchange hack occurred at Coincheck in 2018. The company lost $534 million worth of NEM tokens.

    What is the biggest hack in Bitcoin history?

    The most significant Bitcoin hack was the Mt. Gox incident in 2014, where approximately 850,000 bitcoins were stolen, greatly impacting the Bitcoin community and market.

    What are the latest crypto hacks?

    Recent notable crypto hacks include the attacks on Ledger, HTX, KyberSwap, and Poloniex, with losses mounting over hundreds of millions. 



    Mohammad Shahidullah
