Cross-chain protocol company deBridge Finance has been the target of an email-based cyberattack, which took the form of an email purporting to come from the address of its co-founder Alex Smirnov and titled “New Salary Adjustments”.
The company blames North Korea’s Lazarus Group for the attack, which it successfully managed to thwart. The co-founder proceeded to warn the crypto community on Twitter that the attack may be part of a widespread campaign targeting web3 platforms.
According to Smirnov’s account of the situation, macOS users were safe, as opening the link would lead to a zip archive. On the other hand, Windows users were directed to an archive with a password-protected PDF file and an additional file named Password.txt.lnk, which infected the system. Upon opening it, the file would be saved to the autostart folder, communicating with the attacker to receive instructions.
The co-founder urged companies never to open email attachments without first verifying the sender, and to have a protocol in place for sharing attachments safely.
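One way a mail gateway or help desk could screen zip attachments for the lure described above, a shortcut dressed up as a text file such as Password.txt.lnk, is to inspect entry names before anyone opens the archive. The following is an added example, not code from deBridge or from the original article; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows launches on double-click. Explorer hides ".lnk" even when
# file extensions are shown, so "Password.txt.lnk" displays as "Password.txt".
# Both sets are assumptions for this example, not an exhaustive policy.
LAUNCHABLE = {".lnk", ".scr", ".exe", ".js", ".vbs", ".hta", ".bat", ".cmd"}
DECOY = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def triage_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for each suspicious entry in a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Zip entry names use forward slashes, so parse them as POSIX paths.
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if not suffixes or suffixes[-1] not in LAUNCHABLE:
                continue
            if len(suffixes) >= 2 and suffixes[-2] in DECOY:
                reason = "launchable file disguised as document"
            else:
                reason = "launchable file in attachment"
            findings.append((info.filename, reason))
    return findings


def build_zip(names: list[str]) -> bytes:
    """Build an in-memory zip with dummy contents (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"dummy bytes")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample mirroring the archive layout reported in the article;
    # "sample.pdf" is a placeholder name, the real PDF name is not given.
    sample = build_zip(["sample.pdf", "Password.txt.lnk"])
    for name, reason in triage_archive(sample):
        print(f"{name}: {reason}")
```

A check like this only looks at entry names; it does not open or parse the files, so it is safe to run on quarantined attachments.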
In mid-April 2022, the notorious hacking syndicate was declared a threat to the crypto community by the U.S. Treasury Department, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) for carrying out large-scale financial exploits against a number of crypto exchanges, NFT marketplaces, and individual investors with significant holdings.
A week after the FBI’s warning, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) also added three Ethereum addresses held by Lazarus Group to the Specially Designated Nationals and Blocked Persons (SDN) List.
OFAC also tied the hacking group to the recent $620M exploit of Axie Infinity’s Ronin Bridge.
Operating for over 10 years on a global scale, the Lazarus Group is a state-sponsored and state-trained North Korean hacking group whose attacks are politically motivated. It is best known for the Sony attack in 2014, the spread of the WannaCry ransomware in 2017, and its attack on pharmaceutical company and vaccine producer AstraZeneca in early 2020.