Key Takeaways:
- Lazarus Group hackers used a fake NFT game to steal crypto wallet credentials.
- Malware embedded in DeTankZone exploited a Chrome vulnerability for remote access.
- Social engineering helped the Lazarus Group target a large audience.
YEREVAN (CoinChapter.com) — North Korean hackers, known as the Lazarus Group, have used a fake NFT game to exploit a Chrome vulnerability and steal crypto wallet credentials. Security analysts from Kaspersky Labs reported that the cyberattack capitalized on a zero-day flaw in Google Chrome to gain unauthorized access to users’ devices. The attackers built a clone of an existing blockchain game, DeTankZone, and marketed it as a play-to-earn (P2E) multiplayer online battle arena (MOBA) to attract unsuspecting players.
The Lazarus Group embedded malware directly into the game’s website, detankzone.com, so that any device that loaded the site could be infected. According to Kaspersky, the malicious script bypassed Chrome’s security protections by exploiting a vulnerability in Chrome’s V8 JavaScript engine, enabling remote code execution. Through this approach, the hackers deployed Manuscrypt malware and gained control over users’ devices. This access allowed them to retrieve sensitive crypto wallet credentials without the victim downloading anything or taking any other action beyond visiting the site.
Kaspersky Identifies Chrome Vulnerability, Google Issues Fix
Upon discovering the exploit, Kaspersky Labs promptly informed Google. Shortly after, Google issued a security update to address the vulnerability, though not before the attackers had already accessed several devices. This incident raised concerns about the broader implications of such attacks on global crypto users and businesses.
Security analysts Boris Larin and Vasily Berdnikov from Kaspersky noted that the Lazarus Group used advanced social engineering techniques to create an illusion of authenticity around the game. They built a professional website and premium LinkedIn accounts to establish credibility. Additionally, the attackers leveraged social platforms like X and LinkedIn, enlisting well-known crypto influencers to promote the fake NFT game using AI-generated marketing materials. This comprehensive approach attracted a wide audience, increasing the attack’s effectiveness.
Lazarus Group’s Extensive History of Cryptocurrency Theft
The fake NFT game wasn’t just a cover; it was fully operational. It included polished elements such as logos, 3D graphics, and user interfaces. However, anyone visiting the site faced serious risks, because the Lazarus Group had embedded Manuscrypt malware within the game’s website. This malware collected sensitive crypto wallet credentials, allowing the group to carry out large-scale cryptocurrency theft.
The Lazarus Group has a long record of targeting the crypto industry. Notably, between 2020 and 2023, on-chain investigator ZachXBT linked them to over 25 hacks, with total losses exceeding $200 million. This history highlights the group’s ongoing focus on crypto theft and its reliance on both software vulnerabilities and social engineering to succeed.
Major Cryptocurrency Heists Tied to Lazarus Group
The Lazarus Group has, over the years, carried out numerous major crypto heists. For instance, in 2022, they reportedly stole over $600 million in ether (ETH) and USD Coin (USDC) through the Ronin Bridge hack. Additionally, the U.S. Treasury Department has linked them to several cyberattacks targeting financial institutions and crypto platforms worldwide.
In September 2023, data from 21.co (the parent company of 21Shares) revealed that the group still held over $47 million in various cryptocurrencies, including Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX), and Polygon (MATIC).
Additionally, between 2017 and 2023, reports estimate that the Lazarus Group accumulated more than $3 billion in digital assets. Their impact on the cryptocurrency industry has been substantial, underscoring their persistent targeting of crypto markets.
Social Engineering Key to Lazarus Group’s Cyber Strategy
Notably, the success of this attack relied largely on social engineering. Through polished promotional materials, AI-generated graphics, and credible-looking LinkedIn profiles, the Lazarus Group convincingly disguised their fake NFT game as legitimate, drawing in crypto enthusiasts. Because victims were lured to a site that looked trustworthy, this approach circumvented common cybersecurity defenses and widened the pool of potential victims.