Fake NFT Job Offer? BitMEX Stops Lazarus Group Hack in Its Tracks

The exchange said in a May 30 blog post that the attackers used a fake job opportunity on LinkedIn to try and trick one of its employees.

The offer involved a supposed collaboration on a Web3 non-fungible token (NFT) project.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is the Metaverse? (Meaning + Animated Examples)

SUBSCRIBE

ON YOUTUBE

The attackers then encouraged the employee to download and run a GitHub file. That file included hidden code meant to harm the computer. BitMEX’s security team caught the attempt and traced the source of the file to servers previously connected to the Lazarus Group activity.

During their investigation, the team also found that one of the IP addresses linked to the attack was based in Jiaxing, China. This discovery pointed to a possible mistake by the group, which helped confirm the link to North Korean operations.

BitMEX explained that the Lazarus Group often starts its attacks with simple methods like phishing, using emails or messages to trick people into opening harmful files. These are usually carried out by teams with basic skills.

More complex actions, such as moving through company networks or stealing large amounts of data, are likely handled by other teams with more experience.

BitMEX also pointed out that the term "Lazarus Group" covers several hacking teams believed to be under the control of the North Korean government. These teams have been blamed for stealing large sums of money through different kinds of cyberattacks.

On May 1, Kraken uncovered an attempt by a North Korean hacker to slip inside the company. How? Read the full story.