The Lazarus APT group, linked to North Korea, has reportedly stolen over $240 million worth of cryptocurrency since June 2023. Multiple businesses, including Atomic Wallet, CoinsPaid, Alphapo, and Stake.com, have fallen victim to the group’s attacks. CoinEx, a global cryptocurrency exchange, is also suspected to have lost $31 million to Lazarus.
Researchers from blockchain cybersecurity firm Elliptic found that funds stolen from CoinEx were sent to an address used by Lazarus to launder funds stolen from Stake.com. The analysis suggests that Lazarus has shifted its focus from decentralized services to centralized ones. This change is likely due to increased security measures for decentralized finance platforms and the greater susceptibility of centralized exchanges to social engineering attacks.
In total, approximately $291.3 million has been lost due to private key breaches, with the Stake.com and CoinEx exploits accounting for 78% of September’s losses. The Lazarus group’s modus operandi involves spear-phishing attacks targeting Web3 companies’ personnel to obtain sensitive credentials. Web3 employees are urged to be cautious of unsolicited job pitches with overly attractive compensation packages.