Web3 security experts consider North Korea’s Lazarus Group to be the most prominent and sophisticated threat to the cryptocurrency industry in 2024.
Earlier this week, the infamous Lazarus Group reportedly funneled $12 million through cryptocurrency tumbler Tornado Cash. The funds were reportedly linked to the HTX and Heco Bridge hacks last November, which resulted in the platforms losing more than $90 million.
But this wasn’t the group’s only robbery in 2023. North Korean-backed hackers compromised more than $400 million in assets across various cryptocurrency platforms, including CoinEX, Poloniex, Stake.com, and Atomic Wallet throughout the year. In 2022, the group was responsible for the largest DeFi hack in history, compromising the Ronin Network and stealing approximately $620 million.
These Lazarus hacks occurred during a prolonged bear market in the cryptocurrency industry, following the collapse of FTX and Terra Luna. In 2024, with the bull market in full swing, major tokens hitting all-time highs, and new meme coins bringing billions of dollars into the market, concerns about Lazarus are more salient than ever.
To understand how the industry can prepare for these risks, crypto.news reached out to web3 security provider Cybers, which exclusively detected the Poloniex hack last year.
How does Lazarus pull off a million-dollar cryptocurrency heist?
According to Cybers CEO Deddy Lavid, Lazarus Group significantly shifted its cyberattack strategy in 2023, targeting centralized entities with a sophisticated and dynamic approach. Moving beyond traditional phishing and brute force methods, the group now uses AI-based phishing campaigns and complex smart contract attacks.
In particular, the attacks against Poloniex and HTX focused on stealing private keys and launching a series of smaller attacks over a short period of time. The group also used pre-programmed bots to launch automated attacks. Bots tend to exist in a system for a long time undetected before they start exfiltrating assets.
Lavid also noted that the Lazarus Group’s modus operandi resembles military precision, reflecting a level of professionalism rarely seen among cybercrime organizations. Lavid describes a repeating pattern of attacks: the group initially infiltrates through social engineering, remains dormant within the target organization for months, steals private keys, and carries out a series of rapid, well-coordinated attacks involving dry runs and fast and anomalous transaction rates.
In the preparation phase, the stolen assets are distributed across multiple blockchains and eventually moved through mixers or exchanges for laundering.
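The on-chain part of this pattern (a dry run followed by fast, anomalous transaction rates) can be expressed as a monitoring rule for a platform's own wallets. The following is an added example, not code from the article or from the security provider it quotes; the thresholds, wallet names and sample transfers are constructed assumptions.

```python
from collections import deque, namedtuple

# Thresholds are illustrative assumptions, not values from the article.
DRY_RUN_MAX_USD = 50        # a "test" transfer is at most this large
DRY_RUN_LOOKBACK_S = 3600   # a burst is attributed to a dry run this recent
BURST_WINDOW_S = 600        # sliding window used to measure transaction rate
BURST_MIN_TX = 5            # transfers in the window that count as anomalous
BURST_MIN_USD = 100_000     # combined value in the window that counts as anomalous

Transfer = namedtuple("Transfer", "ts src dst usd")   # ts in unix seconds
Alert = namedtuple("Alert", "src dry_run_ts alert_ts tx_count usd_total")

def detect_dry_run_bursts(transfers, known_dsts):
    """Flag wallets that send a small transfer to a never-seen address and
    then a rapid, high-value burst of outgoing transfers shortly after."""
    seen = {src: set(dsts) for src, dsts in known_dsts.items()}
    dry_run, window, alerts = {}, {}, {}
    for t in sorted(transfers):
        dsts = seen.setdefault(t.src, set())
        if t.dst not in dsts and t.usd <= DRY_RUN_MAX_USD:
            dry_run[t.src] = t.ts                 # candidate dry run
        dsts.add(t.dst)
        w = window.setdefault(t.src, deque())
        w.append(t)
        while t.ts - w[0].ts > BURST_WINDOW_S:    # expire old transfers
            w.popleft()
        start = dry_run.get(t.src)
        if start is None or t.ts - start > DRY_RUN_LOOKBACK_S:
            continue
        burst = [x for x in w if x.ts > start]    # only what followed the dry run
        total = sum(x.usd for x in burst)
        if len(burst) >= BURST_MIN_TX and total >= BURST_MIN_USD:
            alerts.setdefault(t.src, Alert(t.src, start, t.ts, len(burst), total))
    return list(alerts.values())

# Constructed sample data: not real addresses or transactions.
KNOWN = {"hot-A": {"cust-1", "cust-2"}, "hot-B": {"payroll-1", "payroll-2"}}
SAMPLE = (
    [Transfer(1000, "hot-A", "cust-1", 900), Transfer(5000, "hot-A", "cust-2", 1200)]
    + [Transfer(9000, "hot-A", "new-x", 10)]                                   # dry run
    + [Transfer(9300 + 30 * i, "hot-A", "new-x", 40_000) for i in range(6)]    # burst
    + [Transfer(9000 + 20 * i, "hot-B", "payroll-1", 30_000) for i in range(6)]  # known payee
)

if __name__ == "__main__":
    for a in detect_dry_run_bursts(SAMPLE, KNOWN):
        print(a)
```

The rule alerts on the fifth burst transfer, before the full amount has left the wallet, and stays silent for a high-volume payout to an already known address.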
A cryptocurrency bull market in 2024 therefore presents an exciting prospect for investors and innovators alike, while also providing an urgent call to arms for the security sector.
“My analysis highlights the need for enhanced security measures in the cryptocurrency and blockchain space and calls for a deeper awareness of the importance of information security, a call for more security experts, and a focus on proactive attack prevention.”
– Deddy Lavid, CEO of Cybers
Lavid predicts that by 2024 the cryptocurrency market will overcome initial vulnerabilities and adopt a more mature approach to security.
Cryptocurrency platforms must allocate more resources to developing security expertise within their companies and developing holistic strategies to preempt attacks and comprehensively address potential fraud across blockchains.