A cybersecurity company reported yesterday that a group of notorious hackers from North Korea managed to steal $3 billion in cryptocurrency from users by designing a fake blockchain game. Kaspersky Lab said the Lazarus group took advantage of a key vulnerability in the Google Chrome browser that allowed it to drain its victims’ crypto wallets.
Lazarus Group: $3 billion crypto heist
It was reported that North Korean hackers used the fake game to steal more than $3 billion in cryptocurrency – an operation the group successfully carried out over a six-year period, from 2016 to 2022.
This heist is the harmful consequence of Google’s inability to correct a vulnerability in the Chrome browser.
Meanwhile, a blockchain detective conducting a separate investigation revealed that the Lazarus Group carried out 25 hacks, laundering $200 million in crypto.
He also revealed the existence of a network of developers in North Korea who work for “established” cryptocurrency projects. The network is said to receive a monthly salary of $500,000.
The questionable game plan
Kaspersky Lab analysts Vasily Berdnikov and Boris Larin said the Lazarus Group created a fake game called DeTankZone or DeTankWar, built around non-fungible tokens (NFTs), to drain their victims’ crypto wallets.
The analysts revealed that the hackers exploited a zero-day vulnerability in the Chrome browser to carry out the theft.
Website appearance and the hidden exploit loader. Source: Kaspersky Lab
Berdnikov and Larin explained that the hackers used the fake game to lure their victims to a malicious website, which infected their computers with malware called Manuscript.
Using Manuscript, the hackers were able to corrupt Chrome’s memory, allowing them to obtain user passwords, auth tokens, and anything else they needed to steal crypto from their unwitting victims.
12 days to resolve the issue
Kaspersky Lab analysts discovered what the Lazarus Group was doing in May. Berdnikov and Larin immediately reported the issue to Google so that the platform could fix the vulnerability.
However, Google was not prepared to address the zero-day vulnerability, and it took the company 12 days to patch it.
Boris Larin, Kaspersky Lab’s leading security expert, said that the notable effort the hacker group invested in this campaign indicates that the group has an ambitious plan.
Larin noted that what the group did could have a broader impact than previously thought.
The Lazarus Group campaign is a reminder that the fight against hackers continues. The Chrome vulnerabilities highlight that platforms should always keep their security measures up to date and stay vigilant against cybersecurity threats.