Cross-chain protocol deBridge Finance disclosed that it was the victim of an email-based hack, and said its investigation showed that the action probably came from the North Korea-linked Lazarus Group.
“Hack Attack May Spread To Other Web3 Platforms”
deBridge founder Alex Smirnov wrote:
“deBridgeFinance has apparently been subject to a cyberattack attempt by the Lazarus group.
This initiative is likely to be large-scale, which poses a threat to all teams on Web3.”
The attack took the form of an email spoofing the email address of deBridge co-founder Alex Smirnov. While most employees reported the suspicious email, one employee downloaded and opened the file.
In a lengthy Twitter post, Smirnov said the company’s investigation of the attack showed a similar attack pattern to those noticed in other cyberattacks by North Korea’s Lazarus Group.
1/ @deBridgeFinance has been the subject of an attempted cyberattack, apparently by the Lazarus group.
PSA for all teams in Web3, this campaign is likely widespread. pic.twitter.com/P5bxY46O6m
— deAlex (@AlexSmirnov__) August 5, 2022
deBridge Founder Explained the Details of How the Attack Happened
Smirnov continued his statements as follows:
“The attack method was via email, and several of our team received a PDF file called “New Salary Arrangements” from an email address that imitated mine.
We have strict internal security policies and we are constantly trying to improve them and educate the team on possible attack paths.
Most team members immediately reported the suspicious email, but a colleague of ours downloaded and opened the file.
This prompted us to investigate the attack vector to understand exactly how it works and what the consequences would be.
The attack won’t infect macOS users: opening this link on a Mac leads to a zip archive with the regular PDF file Adjustments.pdf. Opening this link on Windows systems leads to an archive containing a password protected pdf with the same name (md5:0038…8bc4) and an additional file named Password.txt.lnk.
The user infects the entire system by opening the password.txt.lnk file.”
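As an added illustration (not part of the original article or of deBridge's own tooling), the following triages a ZIP attachment for the layout described above: a shortcut hidden behind a document-like double extension, sitting next to a password-protected PDF. The function names, reason labels and decoy-extension list are assumptions, and the sample archive is constructed from inert bytes.

```python
import io
import zipfile

# Shell Link (.lnk) files begin with HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Assumed list of extensions a shortcut is commonly disguised behind.
DECOY_EXTS = (".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx")
MAX_READ = 8 * 1024 * 1024  # cap per-entry reads so a huge entry cannot stall triage


def triage_archive(data: bytes) -> dict:
    """Map each suspicious entry name in a ZIP attachment to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1].lower()
            reasons = []
            if base.endswith(".lnk"):
                reasons.append("shortcut")
                if base[:-4].endswith(DECOY_EXTS):
                    reasons.append("double-extension")
            try:
                with zf.open(info) as fh:
                    body = fh.read(MAX_READ)
            except RuntimeError:  # ZIP-level encryption: content not inspectable
                body = b""
                reasons.append("zip-encrypted")
            if body.startswith(LNK_MAGIC) and "shortcut" not in reasons:
                reasons.append("lnk-content-mismatched-extension")
            if body.startswith(b"%PDF-") and b"/Encrypt" in body:
                reasons.append("password-protected-pdf")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed archive mirroring the layout described above (inert bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Adjustments.pdf", b"%PDF-1.7\ntrailer << /Encrypt 5 0 R >>\n%%EOF")
        zf.writestr("Password.txt.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("notes.txt", LNK_MAGIC + b"\x00" * 56)  # renamed shortcut
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_archive(build_sample()))
```

Checking the file header as well as the name matters because Windows hides the `.lnk` extension in Explorer, and a shortcut renamed to another extension would pass a name-only filter.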
Lazarus has made a name for itself in the past by hacking many cryptocurrency platforms.