Quick take:
- Cheong previously suspected that BlueNorOff was behind the spear-phishing attack that drained $1.7 million worth of NFTs from his hot wallet.
- On Thursday, the US government connected the North Korean hacking unit, Lazarus Group, to Ronin’s network exploit.
- Cheong warns that North Korea will dedicate more resources to intensify the attacks.
DeFiance Capital founder Arthur Cheong said in a tweet storm today that North Korea’s state-sponsored hackers “have the relationship graph of the entire crypto space mapped out” and “know what kind of phishing emails are most likely to slip through our mental defense.”
1/ Based on our research and conversation with leading cyber security experts, we believe BlueNorOff are running an organized campaign to target all the prominent organizations in the crypto space.
— Arthur 🌔⛩️🦔👻 (@Arthur_0x) April 15, 2022
Cheong, who recently fell victim to a spear-phishing attack that drained $1.7 million worth of NFTs from his hot wallet, said that North Korean cybercrime group BlueNorOff is targeting all prominent organisations in the crypto space.
The hacker sent Cheong a spear-phishing email to deploy malware on his device and access the seed phrase of his hot wallet to steal his digital assets. After the incident, Cheong discovered that BlueNorOff was likely behind the attack.
“It is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cyber crime organization that is extremely resourceful and sophisticated. They might even change the tools and attack pattern in future,” Cheong tweeted.
He added that once the current methods of attack such as a trojanized DeFi app and a wallet attack lose their effectiveness, North Korea will dedicate more resources to intensify the attacks.
A crypto crime report published by Chainalysis in January found that North Korean cybercriminals launched “at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year.”
North Korea-linked Lazarus Group hacked cryptocurrency exchange KuCoin last year, netting more than $250 million. North Korea-linked hackers also moved 67 different ERC-20 tokens along with large quantities of Ethereum and Bitcoin from wallets on Liquid.com to addresses controlled by a party working on behalf of DPRK.
On Thursday, the US Treasury confirmed that Lazarus Group was behind the recent Ronin Network breach that resulted in $625 million worth of cryptocurrency stolen.
Cheong included a number of crypto-specific security suggestions in his Twitter storm, including storing on-chain crypto assets in a multi-sig wallet, implementing 2FA for all sign-ins, bookmarking commonly used Dapp sites and implementing an address monitoring system.
He also urged crypto firms to “exercise extra due diligence in hiring remote teams especially software engineers/developers” as “the Lazarus Group has even engaged in the creation of fake companies for the development of cryptocurrency software,” according to cyber security firm, Kaspersky.