Unfortunately, these hackers have doubled down this year! The notorious North Korean hacking crew Lazarus Group pulled off one of the biggest cryptocurrency heists. They reportedly stole $615 million worth of USDC and ETH from the Ronin Network, an Ethereum-based DeFi network that hosts the popular Axie Infinity game.
This brazen hack has left the crypto community reeling in shock. Some are even calling it the worst cryptocurrency hack ever. The growing ease with which hackers can compromise blockchain networks is also causing concern. There have been 78 hack events in the first quarter of 2022, an increase of 154% from last year’s first quarter. Considering that there were only five blockchain-related hack events in Q1 of 2018, these numbers are alarming.
But who are these hackers? What is their modus operandi, and how can we prevent future hacks? We briefly look at one of the hackers, Lazarus Group, responsible for the Axie Infinity heist.
Lazarus usually refers to individuals or entities who have the knack of always making a comeback. Lazarus Group has done exactly that since coming into the limelight over a decade ago.
Also known by other names such as Guardians of Peace and Whois Team, the Lazarus Group is a cybercrime group made up of an unknown number of individuals run by the North Korean state. Exactly how the Lazarus Group operates is unknown, but researchers have attributed many cyberattacks to it between 2010 and 2021.
According to Symantec, a cybersecurity firm, the sinister group has targeted large organizations in 31 different countries across the globe. These notable organizations include Sony, Bangladesh Bank, and the South Korean government.
Lazarus Group is said to have close ties to the central government of Pyongyang. The US Federal Bureau of Investigation calls them a state-sponsored hacking organization.
Several attacks have been linked to the Lazarus Group over the years, but its incursion into the cryptocurrency space only gained traction in the last couple of years.
Its earliest known campaign ran between 2007 and 2011, when the group disrupted and sabotaged the operations of government, financial, and media institutions in neighboring South Korea. This campaign was known as Operation Troy.
Their first notable hack came in 2014 when they hacked Sony Pictures Entertainment after the latter released a movie mocking North Korean supreme leader Kim Jong Un. This hack cost Sony over $35 million in infrastructure repairs and some reputational damage.
At the time, the hackers called themselves the Guardians of Peace. It has since emerged that the Guardians of Peace were Lazarus members, hence the name Lazarus.
In the history of cybercrime, only a few groups have had as much disruptive power and lasting impact as the Lazarus Group. Its most recent attack was on the Ronin network, where transactions on the compromised network were completely halted. Sky Mavis, the developer of the Axie Infinity game, has reimbursed the affected users with over $150 million.
Lazarus Group also attacked Bangladesh Bank two years after the Sony attack, successfully stealing $81 million.
The group masterminded many such heists. In 2015, it stole $1 million from Banco del Austro of Ecuador and $12 million from Tien Phong Bank of Vietnam. The attack on the Far Eastern International Bank of Taiwan netted it $60 million.
The group was also responsible for the infamous WannaCry Ransomware cyber attack that hit key institutions, ranging from banking to airlines, worldwide in 2017.
The Lazarus Group has employed different disruptive tactics in its attacks. Its first known attacks used the distributed denial-of-service (DDoS) technique, a relatively unsophisticated form of cyberattack in which the perpetrators make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network.
As the group grew in status and effectiveness, its attacks became more efficient. The group used sophisticated techniques like misdirection for some of its cyberattacks against financial institutions.
The group even created malware known as AppleJeus, specifically targeting cryptocurrency exchanges. The group developed seven fake cryptocurrency trading applications. They then inserted the AppleJeus malware to siphon cryptocurrency from unsuspecting victims. They leveraged multiple cyberthreat pathways like phishing, social networking, and social engineering attacks to trick unwitting users into downloading the malware.
There have been other crypto heists in the past, but the Axie Infinity heist is the most significant and impactful crypto heist in history. Sky Mavis (the developer of the Axie Infinity game) created the Ronin network alongside the Ethereum blockchain to keep transaction costs low, so that users can play without paying so much upfront. The attackers saw this as an opportunity.
The group exploited the Ronin bridge by getting hold of five of the nine multi-signature keys controlling the funds on the Ronin chain. With that five-of-nine threshold in hand, they were able to sign off on transactions that sent the stolen cryptocurrency (173,600 ether and 25.5 million USDC) to the Ethereum blockchain, from where it was subsequently moved out through different exchanges.
The compromised bridge was subsequently taken down.
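The following is an added illustration, not code from the article or from Sky Mavis, of why a five-of-nine threshold alone is the whole security boundary of a bridge like the one described above, and how two extra policy checks (signer independence across custodians and a per-transaction limit) would have refused the same withdrawal. The validator set, custodian labels, secrets, addresses and limits are all constructed placeholders, and HMAC stands in for the real signature scheme.

```python
import hmac
import hashlib
import json

# Constructed 5-of-9 validator set, mirroring the threshold the article describes.
# Custodian labels and secrets are hypothetical placeholders, not Ronin's real operators.
THRESHOLD = 5
VALIDATORS = {
    f"v{i}": {"custodian": "custodian-A" if i < 5 else "custodian-B",
              "secret": f"constructed-secret-{i}".encode()}
    for i in range(9)
}

def encode_withdrawal(amount_eth, recipient):
    # Canonical byte encoding of the withdrawal request that every validator signs.
    return json.dumps({"amount_eth": amount_eth, "to": recipient}, sort_keys=True).encode()

def sign(validator, msg):
    # HMAC-SHA256 stands in for the validator's real signature scheme (assumption).
    return hmac.new(VALIDATORS[validator]["secret"], msg, hashlib.sha256).hexdigest()

def valid_signers(msg, sigs):
    # Only signatures that verify against a known validator key count towards the threshold.
    return {v for v, s in sigs.items()
            if v in VALIDATORS and hmac.compare_digest(sign(v, msg), s)}

def naive_approve(msg, sigs):
    # Threshold-only policy: any five valid validator signatures release the funds.
    return len(valid_signers(msg, sigs)) >= THRESHOLD

def hardened_approve(msg, sigs, min_custodians=2, per_tx_limit_eth=10_000):
    # Added controls (assumed, not Ronin's): approving signers must span independent
    # custodians, and oversized withdrawals are refused so a key compromise cannot drain the bridge.
    signers = valid_signers(msg, sigs)
    reasons = []
    if len(signers) < THRESHOLD:
        reasons.append("below threshold")
    if len({VALIDATORS[v]["custodian"] for v in signers}) < min_custodians:
        reasons.append("signers not independent")
    if json.loads(msg)["amount_eth"] > per_tx_limit_eth:
        reasons.append("exceeds per-transaction limit")
    return (not reasons), reasons

def demo():
    # Compromised-key scenario from the article: five keys, one 173,600 ETH withdrawal.
    msg = encode_withdrawal(173_600, "0xRECIPIENT-PLACEHOLDER")
    sigs = {v: sign(v, msg) for v in ["v0", "v1", "v2", "v3", "v4"]}
    return naive_approve(msg, sigs), hardened_approve(msg, sigs)
```

`demo()` returns `True` from the threshold-only check and `(False, [...])` from the hardened one, which is the gap the extra policy closes.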
This attack is surely not the last cyber attack against the cryptocurrency space. Major blockchain platforms have already witnessed a loss of over $1 billion to cybercriminals, all in similar circumstances, in the first quarter of 2022.
These increasing incidents of crypto theft will create an atmosphere of skepticism among both users and non-users. The recent cryptocurrency crash shows the market is not immune to the vagaries of illegal activity. For example, the price of RON, the native token of the Ronin network, fell 27% immediately after the hack.
We must increase security and plug vulnerabilities on cryptocurrency platforms and exchanges to withstand future cyberattacks.