On April 18th, three US government agencies issued a joint alert about cyber threats to blockchain and cryptocurrency companies: the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department.
The public notification, dubbed a cybersecurity advisory, was made on the official site of CISA. CISA is a federal agency within the US Department of Homeland Security charged with enhancing the cybersecurity of the United States and is responsible for regularly issuing threat alerts.
According to the advisory, the US government has observed state-sponsored North Korean cyber actors targeting cryptocurrency businesses. The advisory lists the names under which the security industry tracks this activity (Lazarus Group, APT38, BlueNoroff, and Stardust Chollima) and classifies it as an advanced persistent threat (APT): a threat actor capable of gaining unauthorized access to systems and remaining undetected for extended periods of time.
According to the release, hackers are targeting cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn games, venture capital businesses, and trading groups in order to rob and launder crypto assets to benefit the North Korean administration. Additionally, the advisory stated that major retail investors may be targeted.
Additionally, it stated that these actors have persistently attempted to steal digital currency from a range of crypto businesses through a number of methods. These methods include phishing and social engineering campaigns aimed at distributing trojanized cryptocurrency applications, that is, legitimate-looking trading or wallet apps that carry malicious code.
According to the advisory, this family of malicious apps, referred to as "TraderTraitor," compromises the victim's system in order to steal digital assets held in cryptocurrency wallets. The apps are typically delivered through phishing emails sent to employees of cryptocurrency firms, often luring them with high-paying job offers.
The recent warning emphasized the importance of cryptocurrency companies being vigilant against cyber-attacks and developing measures to counteract threats. It included countermeasures such as software patching, the use of multi-factor authentication (MFA), and employee training on phishing attempts.
The actors named in the notice have already taken considerable sums from cryptocurrency-related projects. US authorities identified Lazarus as the primary culprit behind the roughly $600 million theft from Ronin, the blockchain that powers the play-to-earn game Axie Infinity. The group has, however, been robbing cryptocurrency businesses for several years. Chainalysis, a blockchain analytics company, noted in a report published in January that Lazarus Group was implicated in the 2020 breach of the KuCoin cryptocurrency exchange and in the breach of a second, unidentified exchange in 2018. Lazarus has earned over $500 million from these attacks.
The notice corroborates findings made by top crypto experts. On April 15, DeFiance Capital’s Arthur Cheong shared a tweet thread about the situation in question, in which he posited the following: “Based on our research and conversation with leading cyber security experts, we believe BlueNorOff are running an organized campaign to target all the prominent organizations in the crypto space.”
Initially wrote the content below only for our portcos and partners but after some thoughts I think there are benefit to open-sourcing this.
— Arthur (@Arthur_0x) April 15, 2022
He went on to say, “it is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cyber crime organization that is extremely resourceful and sophisticated.”
Cheong was reportedly the victim of a phishing attempt that resulted in the compromise of his own wallet and the loss of $1.7 million in NFTs and crypto. Additionally, the firm lost $720,000 from a different wallet in the same attack and narrowly avoided losing a further $13.3 million.