Lazarus Group Suspected in Upbit Hack

On Thursday, Upbit announced the detection of abnormal withdrawals involving Solana-based crypto assets, prompting an immediate suspension of deposit and withdrawal services. Initial reports indicated a loss of roughly 54 billion won ($36.8 million), but this was later revised to approximately 44.5 billion won ($30.4 million).

Authorities, citing anonymous government and industry sources, are increasingly confident that the Lazarus Group was behind this security breach. The methods employed in this attack bear a striking resemblance to the techniques used in a previous 2019 theft, which further raises suspicions about Lazarus’ involvement.

Attack Methods and Investigation

Unlike direct server attacks, the hackers are believed to have compromised administrator accounts or impersonated administrators to authorize the fraudulent transfers. This sophisticated approach has complicated the investigation, but authorities are preparing an on-site inspection of Upbit to gather further evidence.

Blockchain analysis provider Dethective has revealed that onchain data shows a wallet associated with the hack swapping Solana for USDC and bridging funds to Ethereum. This movement of funds is being closely monitored as the investigation continues.

Historical Context and Implications

The Lazarus Group’s previous involvement in a 342,000 ETH hack from Upbit in November 2019 adds a historical context to their alleged participation in this recent breach. South Korean police have concluded that Lazarus was indeed responsible for that attack, intensifying scrutiny on their operations.

This incident underscores the persistent threat posed by organized cybercrime groups in the cryptocurrency space. It highlights the urgent need for enhanced security measures and robust regulatory frameworks to protect digital assets and investor confidence.

Corporate Developments and Future Outlook

Amidst these security challenges, Naver Financial has confirmed its merger with Dunamu, the company behind Upbit. This strategic move aims to secure future growth momentum based on digital assets. As a wholly-owned subsidiary, Dunamu will integrate with Naver Financial to bolster its digital infrastructure and security protocols.

As the investigation unfolds, the cryptocurrency community remains vigilant, understanding the critical importance of securing exchanges against such formidable adversaries as the Lazarus Group.

The post Lazarus Group’s $30 Million Upbit Hack: 5 Shocking Revelations Exposed appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

FTX Hack

The catastrophic failure of the widely used digital asset exchange FTX, with the loss of billions of dollars in cash, was the most significant cryptocurrency event of 2022 and perhaps the most important news story of the year.

In addition to filing for Chapter 11 bankruptcy on November 12, the celebrity-backed exchange was the target of an unknown cyberattack.

About $640 million worth of tokens were stolen from many wallets believed to belong to FTX. The money was then transferred to other cryptocurrency exchanges and changed into other digital currencies.

Unfortunately, the thief or thieves responsible for the missing funds remain unknown. New FTX management’s attorney, James Bromley, said during the collapsed exchange’s first court hearing that a significant proportion of the exchange’s assets are either lost or stolen.

$566,000,000 for Binance (Binance Smart Chain)

On October 6, hackers stole $566 million worth of BNB from a blockchain affiliated with the largest cryptocurrency exchange in the world.

This vulnerability affected the inter-chain bridge BSC Token Hub. The hackers basically created tokens out of thin air by forging withdrawal proofs. However, the assault against Binance did not result in user losses on the Binance blockchain.

Although a large number of tokens were stolen, the perpetrators could not get away with them all; according to Binance CEO Changpeng Zhao, the exchange was able to keep between 80% to 90% of the stolen assets safe.

It is because, after the assault, validators on the BSC chain halted the network, but hackers did transfer around $100 million to other chains.

$552,000,000 for Ronin

In March, hackers stole an estimated $552 million in Ethereum and USDC from Ronin, a sidechain for the widely played NFT game Axie Infinity. One week after Axie Infinity creator Sky Mavis announced the flaw, the total worth of the stolen cash had reached $622 million.

What strategy did they employ? The “hacked private keys” were used to make fake transactions and steal money.

Approximately $7 million in Ethereum was transmitted to cryptocurrency mixing provider Tornado Cash for fast laundering.

U.S. Treasury investigators subsequently found cryptocurrency wallet addresses that they believed belonged to the Lazarus cyber organization in North Korea.

$326 million Wormhole

It was a terrible year for decentralized financial protocols. DeFi is a catch-all word for the still-evolving category of applications that banks and brokerages use to automate routine tasks. It implies there is a safety concern, especially with bridges, which enable users to move cash across different blockchains.

The famous bridge, Wormhole, was vulnerable to an attack in February. Tokens were minted by hackers who focused on Solana (where users lock Ethereum within a smart contract in exchange for a similar amount of Wrapped Ethereum, or WETH). About $120,000’s worth of WETH tokens. That equated to around $326 million back in the day.

In the DeFi ecosystem, WETH, a token tied to the price of Ethereum at a ratio of 1:1, facilitates rapid monetary transfers.

Wormhole’s parent business, Jump Trading, a prominent participant in the Solana ecosystem, stepped in to replace the stolen goods and restore bridge service.

Nomad, $190 million

In August, there was a second attack on a bridge. All of Nomad’s Ethereum, USDC, DAI, FXS, and CQT were stolen by hackers who took advantage of a flaw in the update. Nomad is a service that allows users to exchange digital assets across multiple blockchains.

The money began trickling back in when the protocol’s backers promised a 10% incentive to hackers who returned the tokens (without imposing law enforcement).

Although around $22 million was recovered from the incident, it led the FBI to issue a warning to investors about the increased interest of cyber criminals in exploiting weak DeFi systems.

The $100M Harmony Bridge Hack

Another $100 million in various cryptocurrencies were stolen via a breach of the Horizon Bridge, which connects Ethereum, Bitcoin, and BNB Chain to Harmony’s layer-1 blockchain.

Because the money was laundered in a manner consistent with known Lazarus Group operations, blockchain forensics company Elliptic has concluded that the breach was carried out by that group of North Korean cybercriminals.

It is believed that Lazarus stole employee login credentials for the Harmony platform, compromised the site’s security, and took control of the protocol before using automated laundering programs to transfer funds.

The Wintermute $160M Hack

Approximately $160 million in 70 different tokens were stolen from the hot wallet of United Kingdom-based crypto-exchange Wintermute.

CertiK, a blockchain security company, conducted an analysis and found that a private key presumably produced by Profanity, an app that lets users construct vanity crypto addresses, was exploited.

Using the private key, the attacker could then perform a function that, according to CertiK, would enable the attacker to replace the swap contract on the platform with the attacker’s own.

BlockSec, a blockchain security company, disproved rumors that the attack was an “inside job” because of the method by which it was executed.

$182 million Beanstalk Farms

Beanstalk Farms is an Ethereum-based stablecoin system. Tokens called STALK were utilized in this technology. It would need the consent of the majority of STALK holders in order for any assets to be transferred out of Beanstalk Farms.

A hacker purchased a controlling stake in STALK via a flash loan (a very short-term crypto loan) in April. They then utilized STALK tokens to propose a huge transfer of cash and approve it. An estimated $80 million in profits were made by the hacker, but the attack led the stablecoin to fall, leading to total losses of $182 million.

The post Top 8 of 2022’s Worst Crypto Exploits appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

The Lazarus Group is suspected of being the organization that was behind the Ronin Bridge scam. In March, a hacker gained access to the Ronin sidechain, which is connected to the main Ethereum blockchain but allows the developers of the play-to-earn game Axie Infinity, Sky Mavis, to support faster and cheaper transactions. As a result of the hack, 173,600 ETH and 25.5 million USDC were stolen, which had a market value of $625 million at the time. It is one of the most significant breaches in the history of crypto. In June, blockchain analytics company Elliptic discovered that the 100 million dollar Horizon Bridge attack could be traced back to Lazarus.

The Japanese National Police Agency did not identify any of the firms that were hacked or the sums that were taken, but it did identify the hacking gang. It’s something that the agency doesn’t usually tell the public before making an arrest because it could lead to another attack.

The post Lazarus, North Korean Hackers, Attacks Japanese Crypto Firms appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.