A cybersecurity expert from SlowMist, known by the pseudonym 23pds, has exposed a sophisticated cyber attack orchestrated by North Korea’s infamous Lazarus Group. The attackers crafted a fake LinkedIn profile impersonating Nevil Bolson, a purported founding partner at the blockchain-focused Chinese asset management firm, Fenbushi Capital. They utilized the photo of a real representative, Remington Ong, enhancing the profile’s credibility.
The fraudulent account targeted software developers in the decentralized finance (DeFi) sector, sending them phishing links designed to steal sensitive information. This technique is a hallmark of the Lazarus Group, and the attribution was confirmed by matching IP addresses and by attack patterns similar to those observed in previous breaches.
Global Impact and Response
According to U.N. Security Council reports, North Korean hackers frequently combine phishing with social engineering, exploiting vulnerabilities within corporate networks to access private keys. Notably, the Lazarus Group recently compromised the gaming platform Munchables, stealing 17,500 Ethereum (ETH).
Cryptocurrency expert ZachXBT highlighted that from 2020 to 2023, the group laundered $200 million through various crypto-to-fiat schemes involving over 25 blockchain hacks. These funds were often channeled through mixers on centralized exchanges to mask their origins.
Efforts to counteract these thefts have seen significant advances. In November 2023, $374,000 of the stolen funds was frozen. Additional undisclosed amounts were secured on centralized exchanges in the final quarter of the year. Stablecoin issuers also managed to immobilize $3.4 million in associated funds, further thwarting the group’s financial maneuvers.