North Korean Hackers Behind DeBridge Finance Attack: Co-Founders


Alex Smirnov, co-founder and project leader at DeBridge Finance, said on Twitter on Friday that his company was the target of an attempted cyberattack by the notorious North Korean Lazarus Group.

DeBridge provides a cross-chain interoperability and liquidity protocol for transferring data and assets between blockchains.

The attack was carried out via a fake email that several members of the DeBridge team received, which contained a PDF file called “New Salary Adjustments” that appeared to be from Smirnov.

Email spoofing is a form of attack in which a malicious email is manipulated to appear as if it came from a trusted source, in this case the company’s co-founder.

“We have strict internal security policies and are constantly working to improve them and educate the team on possible attack vectors,” Smirnov wrote.

Despite this, Smirnov says, one person downloaded and opened the file, triggering an attack on the company’s internal systems. This led to an investigation into the origin of the attack, how the hackers intended to carry it out, and its possible consequences.

“Quick analysis has shown that the received code collects and exports A LOT of information about the PC [the attacker’s command center]: username, operating system information, CPU information, network adapters and running processes,” Smirnov said.

Smirnov compared what DeBridge saw to another user’s Twitter post that had similar characteristics and pointed to the North Korean hacking group.

Smirnov warned his followers to never open email attachments without verifying the sender’s full email address and to have an internal log of how their team shares attachments.
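The sender check Smirnov recommends, looking at the full address rather than the display name, can also be applied automatically to inbound mail. The following is an added example, not code from DeBridge or from the article; the domain `example.com`, the protected-name list, the `sender_findings` function and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the organisation's mail domain and the staff
# display names worth protecting against impersonation.
TRUSTED_DOMAIN = "example.com"
PROTECTED_NAMES = {"alex smirnov"}

def sender_findings(raw_message):
    """Return reasons to distrust the sender of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower() if "@" in address else ""
    findings = []
    if not domain:
        findings.append("no parseable From address")
    elif domain != TRUSTED_DOMAIN and display.strip().lower() in PROTECTED_NAMES:
        # The display name is free text; only the address identifies the sender.
        findings.append(f"staff name '{display}' sent from outside domain {domain}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append("Reply-To domain differs from From domain")
    # Assumes the receiving gateway removes inbound Authentication-Results
    # headers and adds its own, so the value cannot be forged by the sender.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=pass" not in auth:
        findings.append("no DMARC pass recorded for the From domain")
    return findings

# Constructed sample messages (not taken from the incident).
SPOOFED = (
    'From: "Alex Smirnov" <alex.smirnov@example.net>\n'
    "Reply-To: payroll@example.org\n"
    "Authentication-Results: mx.example.com; dmarc=fail header.from=example.net\n"
    "Subject: New Salary Adjustments\n\nSee attached.\n"
)
GENUINE = (
    'From: "Alex Smirnov" <alex.smirnov@example.com>\n'
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n"
    "Subject: Team update\n\nAgenda below.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, sender_findings(raw))
```

A message that uses the trusted domain in its From header but fails DMARC is still reported, which covers exact-domain spoofing as well as display-name impersonation.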

The Lazarus Group is reportedly behind several high-profile crypto hacks, including the $622 million Axie Infinity Ronin Ethereum sidechain hack in March and the Harmony Horizon Bridge hack in June.

“These types of attacks are pretty common,” notes David Schwed, chief operating officer of blockchain security firm Halborn. “They rely on people’s curiosity by giving the files names that would pique their interest, such as salary information.

“We are seeing more and more of these types of attacks specifically targeting blockchain businesses as the stakes are higher due to the immutability of blockchain transactions,” added Schwed.
