BitMEX Foils Lazarus Group Hacking Attempt, Revealing Members’ Information

BitMEX made a bold announcement this afternoon, claiming it foiled a major hack attempt from the Lazarus Group. The exchange’s security team analyzed the hackers’ code, revealing some interesting new information.

The malware had surprisingly poor operational security, allowing BitMEX to trace the IP addresses and active hours of several members. Still, the firm acknowledged that it only beat Lazarus’ second-string hackers, not their best.

BitMEX Takes On Lazarus Group

The Lazarus Group is a formidable North Korean hacker organization, responsible for the largest theft in crypto history. The group has stolen and successfully laundered vast sums of money thanks to their sophisticated DeFi trade networks.

However, Lazarus’ recent attempt to hack BitMEX was prevented, according to a recent blog post.

A Lazarus hacker attempted to phish a BitMEX employee by sending them a phony request to collaborate on a Web3 NFT marketplace project. This employee alerted security, who played along with the scammer to obtain the malware bait. From there, BitMEX analysts dismantled it, gleaning knowledge of the group’s organization:

“Throughout the last few years, it appears that the group has divided into multiple subgroups that are not necessarily of the same technical sophistication. This can be observed through… bad practices coming from these ‘frontline’ groups that execute social engineering attacks when compared to the more sophisticated post-exploitation techniques,” BitMEX claimed.

Specifically, BitMEX identified a lot of sloppy work in the initial malware. This allowed analysts to find a list of IP addresses from compromised computers; furthermore, they identified test runs.

One Lazarus member based in China left incriminating info in this database, which BitMEX used to get a profile of other members and their working schedules.

BitMEX’s work here can go a long way towards piercing the Lazarus Group’s image of danger and hyper-competence. BitMEX, a long-running derivatives exchange, seems like an unexpected candidate to make these discoveries.

Rather than a famous crypto sleuth, a private firm that’s been out of the news lately managed to crack this code.

Still, it’s important not to overstate the situation. The Lazarus Group sent their B-team to try and breach BitMEX, but much more advanced hackers would’ve exploited a successful breach.

BitMEX exploited the group’s sloppy operational security, but its members remain wholly anonymous. In all likelihood, they’ll have plenty of future successes on softer targets.