Powered by MOMENTUM MEDIA
North Korean Lazarus Group pulls off yet another massive crypto heist

DPRK-linked hackers stole US$11 million in crypto assets from the Taiwanese BitoPro exchange last month.


A Taiwanese cryptocurrency exchange has pointed its digital finger at the North Korean threat actor, the Lazarus Group, following a digital heist that got away with US$11 million in digital assets.

According to the exchange in question, BitoPro, the hackers conducted their cyber attack on 8 May during a routine wallet infrastructure upgrade.

Initial access was gained via social engineering techniques, which allowed the threat actor to deploy malware to an employee’s device. The attackers were able to get around multifactor authentication by using hijacked AWS session tokens, which, in turn, let them take over BitoPro’s cloud infrastructure.

The attackers were then able to run malicious commands from their own command and control infrastructure. Scripts were injected into BitoPro’s network that masked the hackers’ activity under the guise of normal transactions.
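As an added defender-side illustration (not from the article, Bitdefender or BitoPro): a small Python check over constructed CloudTrail-style records that flags AWS temporary credentials (access key IDs beginning with `ASIA`) being used from a source address other than the one they were issued to, which is how a hijacked session token typically surfaces in logs. The event layout, key IDs and IP addresses are assumed sample values.

```python
"""Spot AWS temporary credentials reused from a different source IP.

Constructed CloudTrail-style records (hypothetical, not real BitoPro data):
an MFA-backed session issued to an office address, then reused elsewhere.
"""

SAMPLE_EVENTS = [
    {"eventName": "GetSessionToken", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/ops-alice"},
     "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLE1"}},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE1"}},
    {"eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE1"}},
    {"eventName": "RunInstances", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE1"}},
    # Long-lived key (AKIA prefix) is out of scope for this check.
    {"eventName": "ListBuckets", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE2"}},
]

ISSUING_CALLS = ("GetSessionToken", "AssumeRole", "AssumeRoleWithSAML")


def find_hijacked_sessions(events):
    """Return (accessKeyId, issuing_ip, using_ip, eventName) tuples for every
    temporary key (prefix 'ASIA') used from an IP other than its issuing one.

    If the issuing call falls outside the log window, the first IP seen
    using the key is treated as its origin so later moves still surface."""
    origin_ip = {}
    findings = []
    for ev in events:
        src = ev.get("sourceIPAddress", "")
        creds = (ev.get("responseElements") or {}).get("credentials") or {}
        if ev.get("eventName") in ISSUING_CALLS and "accessKeyId" in creds:
            origin_ip[creds["accessKeyId"]] = src
            continue
        key = (ev.get("userIdentity") or {}).get("accessKeyId", "")
        if not key.startswith("ASIA"):
            continue
        origin = origin_ip.setdefault(key, src)
        if src != origin:
            findings.append((key, origin, src, ev.get("eventName")))
    return findings


if __name__ == "__main__":
    for finding in find_hijacked_sessions(SAMPLE_EVENTS):
        print("session token used from new IP:", finding)
```

A real deployment would key on the session's `sessionContext` and `MFAUsed` fields as well, and would whitelist known NAT or VPN egress ranges to cut false positives.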

“Attackers then quickly laundered the stolen assets through decentralised exchanges and crypto mixers such as Tornado Cash, Wasabi Wallet and Thor Chain, impeding recovery,” Bitdefender said in a blog post outlining the brazen attack.

“BitoPro has since rotated its cryptographic keys and notified law enforcement of the breach.”

While the theft took place on 8 May, BitoPro first mentioned the attack via a post to its Telegram channel on 2 June. BitoPro was able to cover the loss of funds out of its own reserves, and day-to-day operations and trading have been unaffected by the attack.

BitoPro engaged cyber security experts to assist in its investigation into the heist and was able to confirm there was no insider threat at play and that the TTPs used by the hackers were identical to methods previously employed by the Lazarus Group.

The Lazarus Group has a history of engaging in cryptocurrency heists in support of the North Korean regime and was responsible for the recent theft of US$1.5 billion from the Bybit cryptocurrency exchange.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
