DeBridge Finance Co-founder Alex Smirnov revealed that the notorious North Korean Lazarus Group was behind the attempted cyberattack on the liquidity transfer protocol.
DeBridge offers a cross-chain interoperability and liquidity protocol for transferring data and assets between blockchains.
Smirnov who also works as project lead said that the attack came through a spoofed email received by several DeBridge staff that contained a PDF file named “New Salary Adjustments,” impersonating Smirnov.
Although many team members immediately flagged the suspicious email, one of them unfortunately downloaded and opened the file, leading to the breach of the firm’s internal systems.
This initiated an investigation into the attack’s origin, how the hackers planned the attack to work, and any potential consequences.
“Fast analysis showed that received code collects A LOT of information about the PC and exports it to [the attacker’s command center]: username, OS info, CPU info, network adapters, and running processes,” Smirnov said.
Email spoofing is a type of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
DeBridge owner says ” We have strict internal security policies”
“We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors,” Smirnov wrote.
DeBridge founder put out a word of caution to his followers to never open email attachments without checking the sender’s full email address and to have an internal protocol for sharing attachments.
The Lazarus Group has earned notoriety for several high-profile crypto hacks, such as the $622 million Axie infinity. Ronin Ethereum sidechain hack in March and the Harmony Horizon Bridge hack in June.
Recently the North Korean hackers have been accused of infiltrating job sites like LinkedIn and Indeed and stealing key information from real profiles to build plagiarized resumes and land jobs at U.S. cryptocurrency firms, security analysts have found.
These fraudsters were attempting to secure employment at these firms as part of a larger goal to raise funds for North Korean leader Kim Jong Un’s regime.
Experts also disclosed that by collecting information from crypto firms, North Korea’s government could use this information to study future cryptocurrency trends.
This information would then help Pyongyang launder cryptocurrencies to circumvent Western sanctions.
Earlier in 2021, the U.S. government issued a warning that North Korean citizens were posing as citizens of other countries and attempting to secure work in international IT sectors.
“[North Korea] dispatches thousands of highly skilled IT workers around the world to generate revenue that contributes to its weapons of mass destruction and ballistic missile programs, in violation of U.S. and U.N. sanctions,” the advisory said.