A cybersecurity firm yesterday reported that a group of notorious hackers from North Korea was able to steal $3 billion worth of cryptocurrency from users by devising a fake blockchain game. Kaspersky Lab said that the Lazarus Group took advantage of a key vulnerability in the Google Chrome browser that allowed them to drain the crypto wallets of their victims.
Lazarus Group: $3 Billion Crypto Heist
It was reported that the North Korean hackers used the fake game to steal more than $3 billion in cryptocurrency — an operation the group successfully conducted within a six-year period, from 2016 to 2022.
The heist is the adverse consequence of Google's failure to patch a vulnerability in the Chrome browser.
Meanwhile, a blockchain detective conducting a separate investigation found that the Lazarus Group executed 25 hacking attacks, laundering $200 million worth of crypto.
It also discovered the existence of a network of developers in North Korea that works for “established” cryptocurrency projects. The network supposedly gets a monthly paycheck of $500,000.
The Dubious Game Plan
Vasily Berdnikov and Boris Larin, analysts of Kaspersky Labs, said that the Lazarus Group created a fake game called DeTankZone or DeTankWar that revolves around Non-Fungible Tokens (NFTs) to siphon the crypto wallets of their victims.
The analysts revealed that the hackers made use of the zero-day vulnerability in the Chrome browser in their unscrupulous act.
Website appearance and the hidden exploit loader. Source: Kaspersky Lab
Berdnikov and Larin explained that hackers used the fake game to persuade their victims and led them to a malicious website, which inject malware into their computers called Manuscript.
With the use of Manuscript, the hackers were able to corrupt Chrome's memory, allowing them to obtain users' passwords, authentication tokens, and everything they needed to steal the crypto of their unwitting victims.
12 Days To Solve The Problem
Kaspersky Lab analysts discovered what the Lazarus Group was doing in May. Berdnikov and Larin immediately relayed to Google the issue so the platform could fix the vulnerability.
However, Google was unprepared to address the zero-day vulnerability issue, taking them 12 days to fix the vulnerability.
Boris Larin, a principal security expert from Kaspersky Lab, said that the notable effort invested by the hacker group in the said hacking campaign indicates that the group has an ambitious plan.
Larin noted that what the group has done might have broader impact than previously thought.
The Lazarus Group is a reminder that the battle against hackers continues. Chrome's vulnerabilities emphasized that platforms should always ensure that their security measures are updated and be vigilant of cybersecurity threats.
Featured image from Le Parisien, chart from TradingView