Crypto Journalist
Amin Ayan
Crypto Journalist
Amin Ayan
Share
Key Takeaways:
- BitMEX uncovered major security flaws in North Korea’s Lazarus Group.
- A rare IP leak exposed a hacker’s location in China.
- G7 leaders plan to address North Korea’s growing crypto thefts at their upcoming summit.
BitMEX’s security team has exposed significant operational weaknesses within the Lazarus Group, the North Korean state-sponsored cybercrime network responsible for a string of high-profile crypto hacks.
In a recent counter-operations probe, BitMEX researchers identified technical missteps that revealed parts of the group’s infrastructure.
Among the discoveries were exposed IP addresses, an accessible database, and tracking algorithms used by the group in its campaigns.
Rare Slip Exposes Lazarus Hacker’s IP Address in China
One key finding suggests that a hacker likely exposed his real IP address during an operation, pinpointing a location in Jiaxing, China — a rare lapse for the highly secretive group.
Researchers also gained access to a Supabase database instance used by the attackers.
Supabase is a platform that simplifies database deployment, and its use by Lazarus highlights the group’s evolving operational tools.
BitMEX’s report underscores a growing divide in the group’s internal structure.
It notes an “asymmetry” between low-skill social engineering teams, responsible for tricking users into downloading malware, and the more advanced developers creating sophisticated exploits.
The fragmentation suggests that Lazarus has splintered into sub-groups with varying capabilities.
While some cells rely on basic social engineering, others deploy complex technical attacks targeting the blockchain and tech sectors.
The findings come amid a wider surge in DPRK-linked cyber activity. Global law enforcement agencies continue to investigate the group’s operations.
In September 2024, the FBI warned about phishing scams using fake job offers to lure crypto users.
That warning was later echoed by Japan, South Korea, and U.S. officials, who labeled Lazarus a threat to financial stability.
Now, international concern is growing. A Bloomberg report suggests world leaders may address the Lazarus threat at the upcoming G7 Summit, exploring coordinated strategies to mitigate damage from the group’s activities.
With Lazarus remaining an active force in the crypto threat landscape, BitMEX’s findings offer new insights into the group’s operational vulnerabilities — and potential avenues for disruption.
G7 to Address North Korea’s Crypto Theft Surge
G7 leaders are expected to address North Korea’s escalating cyberattacks and cryptocurrency thefts at next month’s summit in Canada.
While global conflicts remain high on the agenda, Pyongyang’s cyber operations, seen as a key funding source for its weapons programs, are drawing urgent attention from member states seeking coordinated action.
The Lazarus Group, North Korea’s most infamous hacking collective, is believed to be behind a series of major crypto thefts, including a record $1.4 billion heist from exchange Bybit in February.
Chainalysis has claimed that North Korean-linked actors stole over $1.3 billion across 47 separate incidents in 2024 alone.
Beyond external hacks, the regime employs rogue IT workers to infiltrate crypto firms from within — a tactic flagged in a joint warning from the U.S., Japan, and South Korea.
North Korean cyber strategies continue to evolve. In April, Lazarus-linked operatives reportedly set up U.S.-based shell companies to distribute malware to crypto developers.
Kraken recently thwarted an infiltration attempt by a suspected North Korean posing as a job candidate.
