Three measures cryptocurrency investors can implement to protect against hacks by the Lazarus Group.


Cryptocurrency enthusiasts often become targets of online hacks, with Mark Cuban being the most recent notable instance of how nearly a million dollars can vanish from a digital wallet.

By following three straightforward guidelines outlined in this article, you can significantly enhance the security of your assets. However, before exploring these recommendations, it is essential to comprehend the nature of the threats that exist today.

FBI has clear evidence on the Lazarus Group

The Lazarus Group is a hacking organization sponsored by the North Korean government, known for advanced attacks tied to various cyber incidents and criminal activities, including the WannaCry ransomware attack.

WannaCry caused significant disruptions to essential services across numerous organizations, including healthcare facilities and government bodies, by encrypting files on compromised computers and demanding ransom payments in Bitcoin.

One of its initial cryptocurrency-related breaches occurred in April 2017, when the South Korean exchange Yapizon (later renamed Youbit) was hacked, leading to the theft of 3,831 Bitcoin, valued at over $4.5 million at that time.

The activities of the Lazarus Group in the cryptocurrency sector have raised alarms regarding its capacity to fund the North Korean regime and circumvent international sanctions. For example, in 2022, the group was linked to several high-profile cryptocurrency breaches, including the $620 million theft from the Axie Infinity bridge Ronin.

The Federal Bureau of Investigation (FBI) has attributed the hacks of Alphapo, CoinsPaid, and Atomic Wallet to the Lazarus Group, indicating that the group has stolen more than $200 million in total from these incidents in 2023.

This month, the FBI connected the Lazarus Group to a $41 million breach of the crypto gambling platform Stake, which was executed through a spear-phishing campaign targeting some of its employees.

Finally, as reported by blockchain security firm SlowMist, the $55 million breach of the crypto exchange CoinEx was executed by the North Korean state-sponsored hackers.

Most hacks involve social engineering and exploit human error

In contrast to typical portrayals in films, where hackers gain physical access to devices or use brute force to crack passwords, the majority of hacks occur through phishing and social engineering. The attacker exploits human curiosity or greed to lure the victim.

These hackers may impersonate customer support agents or other trusted individuals to deceive victims into revealing their personal information.

For example, a hacker might pretend to be a company’s IT support and contact an employee, claiming they need to verify their login details for a system update. To establish credibility, the attacker may utilize publicly available information about the company and the target’s position.


Phishing attacks involve sending misleading emails or messages designed to trick recipients into taking harmful actions. An attacker might impersonate a legitimate organization, such as a bank, and send an email to a user, requesting them to click on a link to verify their account. The link directs them to a fraudulent website where their login credentials are compromised.

Baiting attacks present something appealing to the victim, such as free software or a job opportunity. An attacker poses as a recruiter and creates a convincing job listing on a reputable job search platform. To further build trust, they may even conduct a fake video interview and later inform the candidate that they have been selected. The hackers then send a seemingly harmless file, like a PDF or a Word document, which contains malware.

How crypto investors can avoid hacks and exploits

Fortunately, despite the growing sophistication and capabilities of hackers today, there are three simple measures you can implement to safeguard your assets. Specifically:

  • Use hardware wallets for the long-term storage of your cryptocurrency assets. Because they are not directly connected to the internet, they are highly secure against online threats like phishing attacks or malware, and they offer an additional layer of protection by keeping your private keys offline and away from potential hackers.

Common crypto hardware wallets. Source: Enjin

  • Activate Two-Factor Authentication, or 2FA, on all your crypto exchange and wallet accounts. This adds an extra security layer by requiring you to enter a one-time code generated by an app like Google Authenticator or Authy. Even if an attacker manages to steal your password, they will not be able to access your accounts without that code.
  • Exercise extreme caution when clicking on links in emails and on social media. Scammers frequently use enticing offers or giveaways to attract victims. Use separate “burner” accounts or wallets for experimenting with new decentralized applications and for airdrops to minimize the risk of losing your funds.

This article is for informational purposes only and is not intended to be and should not be construed as legal or investment advice. The views, thoughts, and opinions expressed here are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.