Study Shows One Hacker Group Is Responsible For More Than Half of Crypto Hacks Since 2017 — Who Are They?

The cryptocurrency industry has been likened to the Wild West, when bandits robbed banks, taverns, and coaches for gold, silver, and greenbacks. However, in the digital age, bandits don’t wield pistols and ride horseback. Rather, they are armed with lines of code, and they commit cybercrime through orchestrated digital hacking attacks.

And just like there were top gangs in the Wild West, the cyber underworld is ruled by digital crime gangs who carry out elaborate cyber attacks, often targeting cryptocurrencies.

A report published on March 26 by Kaspersky Lab, a cybersecurity and anti-virus company, reveals that a cybercrime group called Lazarus, allegedly sponsored by North Korea, is responsible for more than half of all crypto hacks since 2017, and that it continues to target cryptocurrencies while adopting new tactics.

Who Is Lazarus?

Lazarus is the cybercrime group purportedly responsible for stealing $571 million of the $882 million in cryptocurrency stolen from online crypto exchanges from 2017-2018. This staggering amount accounts for nearly 65% of crypto stolen from exchanges during this time period.

Further data from the Group-IB annual report on cybercrime trends reveals that out of 14 separate exchange hacks, 5 of them were attributed to the Lazarus group. Among these exchanges was the record-breaking $532 million NEM (XEM) hack from Japan’s Coincheck crypto exchange.

As previously reported by IIB, the UN Security Council revealed that North Korea is responsible for Asian crypto exchange hacks totaling an estimated $571 million in stolen crypto funds. While it’s not clear which groups facilitated these attacks, it’s likely the Lazarus cybercrime group played a large role.

Lazarus Active With New Operations

According to the report published by Kaspersky Lab, the alleged state-sponsored hacking group has been active with a new type of hacking operation since last November.

Their new operation uses PowerShell, a task automation and configuration management framework, which lets the hackers control Windows and macOS malware.

Per the report, the hackers have developed custom PowerShell scripts that communicate with malicious C2 servers and execute commands issued by the operator. The server-side C2 scripts are disguised as files from popular open-source projects such as WordPress.

Once the malware control session is established with the server, the malware functionality includes:

  • Set sleep time (delay between C2 interactions)
  • Exit malware
  • Collect basic host information
  • Check malware status
  • Show current malware configuration
  • Update malware configuration
  • Execute system shell command
  • Download and upload files
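The configurable sleep time between C2 interactions described above is also what gives defenders a handle on this kind of malware: a host calling home on a fixed timer produces near-constant spacing between requests to one destination. The following detection heuristic is an added example, not code from the Kaspersky report or the article; the proxy log lines and their "timestamp src dst path" format are constructed for illustration.

```python
"""Beaconing heuristic for periodic C2 check-ins (added illustration, not from
the report or article).  Log lines are constructed, in an assumed
"timestamp src dst path" format."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: 10.0.0.5 polls a WordPress-looking path
# every ~300 s (a fixed C2 sleep interval); 10.0.0.9 browses irregularly.
SAMPLE_LOG = """\
2019-03-01T09:00:00 10.0.0.5 198.51.100.7 /wp-content/plugins/cache/index.php
2019-03-01T09:05:01 10.0.0.5 198.51.100.7 /wp-content/plugins/cache/index.php
2019-03-01T09:09:59 10.0.0.5 198.51.100.7 /wp-content/plugins/cache/index.php
2019-03-01T09:15:00 10.0.0.5 198.51.100.7 /wp-content/plugins/cache/index.php
2019-03-01T09:20:00 10.0.0.5 198.51.100.7 /wp-content/plugins/cache/index.php
2019-03-01T09:00:12 10.0.0.9 203.0.113.20 /news/index.html
2019-03-01T09:00:40 10.0.0.9 203.0.113.20 /news/markets.html
2019-03-01T09:13:05 10.0.0.9 203.0.113.20 /news/index.html
2019-03-01T09:13:07 10.0.0.9 203.0.113.20 /static/app.js
2019-03-01T09:47:30 10.0.0.9 203.0.113.20 /news/index.html
"""

def parse_log(text):
    """Group request timestamps by (source, destination) pair."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _path = line.split()
        sessions[(src, dst)].append(datetime.fromisoformat(ts))
    return sessions

def find_beacons(sessions, min_hits=4, max_cv=0.1):
    """Return {pair: period_seconds} for pairs whose request gaps are nearly
    constant: coefficient of variation (stdev / mean) at or below max_cv."""
    flagged = {}
    for pair, stamps in sessions.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[pair] = round(avg)
    return flagged

if __name__ == "__main__":
    for (src, dst), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: check-in every ~{period}s")
```

Real implants often add jitter to the sleep interval, so in practice the threshold is tuned against baseline traffic and combined with other signals such as the destination's reputation and the requesting process.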

Kaspersky Lab advises participants involved in the cryptocurrency and fintech sector to remain cautious and exercise best practices to prevent malicious software from being downloaded.

Per the report, they said:

“If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems… And never ‘Enable Content’ (macro scripting) in Microsoft Office documents received from new or untrusted sources.”

All in all, the cryptocurrency and fintech industry still has a ways to go before the proper infrastructure is built to prevent digital hacking groups like Lazarus from stealing cryptocurrency. However, just like the Wild West was eventually tamed, the crypto industry will be as well.

Do you think hacking groups like Lazarus will always be able to run hacking attacks on big crypto exchanges or will security become so good that it’s just not feasible for them? Let us know what you think in the comment section below.

Jeremy Wall

Jeremy is a financial writer and aspiring investor. He is also a cryptocurrency enthusiast that’s fascinated with blockchain technology and the financial markets. When he’s not researching and learning about cryptocurrency, he’s traveling the world with his dog and girlfriend.
