A recent report from Kaspersky Lab has shed light on a troubling cyber heist orchestrated by the notorious Lazarus Group, a hacking collective linked to North Korea. Over a span of six years, from 2016 to 2022, these hackers managed to siphon off a staggering $3 billion in cryptocurrency by luring victims with a counterfeit blockchain game.

The scheme took advantage of a security vulnerability in Google Chrome, which the hackers exploited to access users’ crypto wallets. Kaspersky’s investigation revealed that the group conducted 25 separate hacking operations and laundered around $200 million in stolen cryptocurrency.

Kaspersky's researchers also uncovered a network of North Korean developers allegedly involved in legitimate crypto projects, reportedly earning substantial monthly incomes.

The deceptive game, named DeTankZone or DeTankWar, featured non-fungible tokens (NFTs) to entice users. Analysts Vasily Berdnikov and Boris Larin explained that the hackers led victims to a malicious site that deployed Manuscrypt malware, allowing them to capture sensitive information such as passwords and authentication tokens stored in Chrome. This, in turn, enabled the theft of users' crypto assets.

Kaspersky's team identified these tactics in May and promptly notified Google. However, it took the tech giant 12 days to patch the critical vulnerability, and during that window the Lazarus Group continued to exploit it.