North Korean hackers attacked the deBridge cross-chain protocol

Hackers sent out phishing software through the fake email of the project’s co-founder

06.08.2022 - 10:30

239

2 min

What’s new? deBridge, a cross-chain protocol, has been subjected to a phishing attack. The project’s co-founder Alex Smirnov said on Twitter that the hacking attempt was repelled, he suggests that North Korean hackers from the Lazarus group may have been behind it. According to him, the hackers sent out emails with malware through the fake email of one of the company’s co-founders.

1/ @deBridgeFinance has been the subject of an attempted cyberattack, apparently by the Lazarus group.PSA for all teams in Web3, this campaign is likely widespread. pic.twitter.com/P5bxY46O6m— deAlex (@AlexSmirnov__) August 5, 2022

More details about the hack. According to Smirnov, several members of the deBridge team received emails on August 5 with PDF files attached to them titled “New Salary Adjustments.” When downloading the file, a virus was activated that steals all data from the device.

The co-founder of deBridge also warned all the other teams in Web 3.0 to watch out for such cases. In his opinion, such mailings could be part of a larger attack. Smirnov assured that the protocol itself was not affected.

The biggest hack in 2022 was carried out in roughly the same way. In March, the Ronin Network’s sidechain underlying the Axie Infinity blockchain game lost $625 million. Hackers sent a PDF file containing malware disguised as an offer to one of the employees of the company developer of the game, and as a result, they managed to access several of the network’s validators. The US government later linked the incident to the Lazarus group.

In June, analysts at Elliptic said that hackers from Lazarus could also be behind the Horizon Bridge hack on the Harmony network. The network lost $100 million as a result of the attack. According to experts, the hacking and laundering tactics were similar to other incidents involving hackers from the DPRK. The exploit itself was probably perpetrated using social engineering techniques.

Author: