The Lazarus Group Is Back With A New Target
This time, the North Korean state-sponsored cyber criminals are attacking Japanese crypto companies.
The Lazarus Group, a North Korean state-sponsored hacking group, is reported to have stolen over $45 million USD in Bitcoin and other crypto assets from Japan-based crypto companies in attacks dating back as far as 2017, according to a local publication, The Japan News.
The latest attacks by the group are aimed at unnamed companies that have more “loosely managed” assets, and come in the form of phishing emails and social engineering schemes designed to compromise employees.
The Lazarus Group
This North Korean state-sponsored hacker group has become one of the most aggressive and damaging groups in the crypto space to date. Some of their biggest exploits include the hack of the Axie Infinity Ronin bridge, which almost caused the NFT game to crash as the group stole well over $600 million USD in crypto.
Ripple effects from that same attack caused token mixers like Blender and Tornado Cash to receive U.S. sanctions, as the cybercriminals used them to move funds around. The sanctions raised questions of ethics and policy for the DeFi space, with many arguing that technologies are neutral and should not be sanctioned based on how one nefarious group might use them.
I sent a letter to Treasury Secretary Yellen regarding the unprecedented sanctioning of Tornado Cash. The growing adoption of decentralized technology will certainly raise new challenges for OFAC. Nonetheless, technology is neutral and the expectation of privacy is normal.
— Tom Emmer (@RepTomEmmer) August 23, 2022
In the opinion of the U.S. Treasury, the group is likely resorting to these types of hacks to raise funds for the production of weapons of mass destruction — as a direct result of sanctions from the U.S. and the UN.
Latest Target
The group’s latest target and methods involve identifying loosely managed digital assets and attacking them through phishing and social engineering schemes aimed at employees.
Through these types of methods, the Lazarus Group looks to take advantage of unknowing employees to gain access to and exploit the broader company. An example of this came to light in the Axie case, where employees were sent fake job offers via LinkedIn, exposing them to malicious PDF files.
“Lazarus initially targeted banks in various countries, but recently it has been aiming at crypto assets that are managed more loosely,” said Katsuyuki Okamoto of the information security firm Trend Micro Inc., adding, “It’s important to engage in public attribution, as it will raise public awareness of the perpetrator’s tactics and prompt people to take measures.”
Can They Be Stopped?
As the saying goes, the best offense is a good defense, and that seems to be the best approach here for now. As crypto and general Web3 technologies advance, so do the exploiters and thieves looking to take advantage of them.
Currently, many of these major compromises have been traced back to human error or exploitation, something that won’t change until better technology and safeguards are developed.
This is why, now, more than ever, it is important for both companies and individuals to make security a priority, maintain best practices, and stay educated when it comes to common or current exploit methods.