CertiK Reveals Lazarus Group’s Involvement in Web3 Breaches
CertiK has uncovered transactions linking the recent breaches at Atomic Wallet, Alphapo, CoinsPaid, Stake.com, and CoinEx to the Lazarus Group.
The Lazarus Group, known for its affiliation with North Korea, continues to wreak havoc in the Web3 community. After its notorious attack on the Ronin bridge last year, which resulted in a $650 million loss, the group has been responsible for multiple cyber-attacks this year.
These attacks have collectively resulted in a loss of $291.3 million for the Web3 community. In fact, these incidents account for 77.7% of the total losses attributed to such breaches. The breaches at Stake.com and CoinEx alone accounted for 78% of the losses in September.
On-Chain Connections
According to CertiK’s investigations, private keys are frequently compromised during these attacks, indicating potential prior breaches at the affected companies. CertiK’s analysis revealed on-chain connections between the exploits on Atomic Wallet, Alphapo, CoinsPaid, Stake.com, and CoinEx.
It was evident that these breaches were linked to the Lazarus Group. Furthermore, each attack targeted vulnerabilities unique to the protocols and systems of each entity.
A Call for Vigilance
The findings have raised concerns about the preparedness of crypto entities against state-backed cyber adversaries. Decentralized platforms are attractive to actors like Lazarus due to their security and censorship resistance.
Web3 leaders are now calling for a coordinated global response to tackle this issue. Zhao Changpeng, CEO of Binance, emphasizes the need for advanced security protocols and international cooperation, stating that these attacks are not just an industry concern but a global security issue.
The Lazarus Group employs spear-phishing techniques to target Web3 company personnel and steal sensitive credentials. Employees in the Web3 industry should exercise caution when receiving unsolicited job offers, especially those with excessively lucrative compensation packages.
For investors, the importance of self-custody of funds cannot be stressed enough. Safeguarding against the ripple effect of such breaches and carefully managing personal private keys are crucial.
Hot Take: Cybersecurity in the Web3 Era
The recent revelations of the Lazarus Group’s involvement in Web3 breaches highlight the pressing need for enhanced cybersecurity measures. With state-backed actors like Lazarus possessing vast resources, crypto entities must prioritize advanced security protocols and foster international cooperation to combat these threats.