Unveiling Lazarus Group’s Secrets: BitMEX Developers Dive Deep into Hackers’ Database

Cryptocurrency CrimeUnveiling Lazarus Group's Secrets: BitMEX Developers Dive Deep into Hackers' Database

Date:

BitMEX, a renowned crypto exchange, has recently published an in-depth article on its blog, shedding light on the notorious exploits of North Korea’s Lazarus Group associated with recent attacks on its platform. The Lazarus Group is infamous for its persistent targeting of the cryptocurrency sector, employing a wide range of deceptive techniques to defraud innocent crypto investors.

The group has set its sights on various exchanges, including Phemex and Bybit, and they even attempted to deceive a BitMEX staff member by proposing a bogus project as a disguise for a phishing attempt to implant harmful software on the staff member’s device. However, BitMEX is now retaliating by delving into the malevolent code deployed by the hacker group.

BitMEX has unearthed serious loopholes that exchanges can leverage to safeguard their assets. This includes revealing the group’s tracking databases and originating IP addresses, which allows BitMEX to monitor its functioning hours and single out key players crucial to the group’s operations.

The BitMEX team has distinguished different levels for the hackers, ranging from novice hackers performing phishing tasks to experts assigned to conduct post-exploitation procedures. The BitMEX blog post proposes various real-time security breach detection measures, including an internal monitoring system for identifying infections.

BitMEX’s sudden interest in cybersecurity stems from a Lazarus Group member reaching out to a BitMEX employee on LinkedIn with a proposition to participate in a counterfeit NFT project. This audacious phishing attempt prompted BitMEX to probe deeper into the matter, which resulted in a chance to analyze live Lazarus code.

BitMEX researchers uncovered a Lazarus Supabase, which contained data related to the malware, such as username, hostname, operating system, geolocation, timestamp, and IP address. With this data, BitMEX identified various devices as either a developer or test machine based on their operational frequency.

While most of the developers utilized VPNs to conceal their location, one developer made an error revealing the actual IP address of the machine, which is located in Jiaxing, China. BitMEX considers this a significant lapse that could potentially unveil the hacker’s identity.

BitMEX has now developed a script to automatically analyze the Supabase and search for operational errors. After all, even hackers are prone to mistakes, which can prove to be their downfall. BitMEX’s astute analysis of Lazarus Group’s operations will continue to enhance their cybersecurity measures and protect their platform.

LEAVE A REPLY

Please enter your comment!
Please enter your name here


Share post:

Subscribe

Popular

More like this
Related

China Missile Launch: Regional Tensions Rise — What It Means for 2026

On July 8, 2026, China demonstrated its expanding military...

Gold Price Forecast 2026: Market Trends and Predictions — What It Means for Investors

As of July 2026, spot gold prices are facing...

Strike Bitcoin-backed Loan Update: A Risky Yet Innovative Solution — What It Means for 2026

In a bold move amidst a challenging bear market...

USD/CAD Analysis: Crude Oil Prices Surge Amid Geopolitical Tensions — What It Means for 2026

The USD/CAD currency pair has seen a notable uptick,...