The North Korean hacking team Lazarus Group targeted several crypto exchanges last year, Chainalysis reports. One of the attacks involved the cosmos of a fake, simply realistic trading bot website that was offered to employees of DragonEx substitution.

In March 2022 the hackers stole approximately $7 1000000 in diverse cryptocurrencies from Singapore-based DragonEx commutation. Though a relatively pocket-size sum, the hackers went to great lengths to obtain it.

The grouping used a sophisticated phishing attack where they created a realistic website and social media presence for a fake company named WFC Proof. The supposed company had created Worldbit-bot, a trading bot that was then offered to DragonEx employees.

Screenshot of the fake website

Screenshot of the imitation website. Source: Chainalysis

Though the software allegedly resembled an actual trading bot, it contained malware that could hijack the computer it infected. Eventually the software was installed on a motorcar that contained the private keys to DragonEx'south hot wallet, assuasive the hackers to steal the funds.

The attack is notable for its highly specific target and execution. The hackers announced to be very well versed in cryptocurrencies, even placing an ironic alarm on its website to not allow anyone access personal private keys.

Quick cash out

The group was previously known for parking the stolen coin for upward to 18 months and cashing it out one time the coast seemed clear.

In 2022 they inverse their behavior, choosing to exchange the money equally before long every bit possible. In social club to practice this, Lazarus began using CoinJoin-enabled wallets to mix their coins.

The hackers cashed out the majority of the money in the sixty days post-obit the attack, as opposed to about a full year for 2022 attacks.