Lazarus Group Strikes Again: Transactions Reveal On-Chain Connections in 5 Major Exploits


CertiK has revealed transactions connecting the breaches at Atomic Wallet, Alphapo, CoinsPaid, and CoinEx that show Lazarus Group’s involvement in these exploits.

This comes while the digital community is reeling from various cyber attacks that have affected several major Web3 entities.

On-Chain Connections

The infamous Lazarus Group, supported by North Korea, is still causing chaos in the Web3 community. Following their well-known exploit of the Ronin bridge in 2022, which resulted in a loss of $650 million, the group has been responsible for multiple cyber-attacks this year.

These incidents have led to a total loss of $291.3 million for the Web3 community across the five major incidents. This figure represents 77.7% of total losses attributed to such breaches. The exploits of and CoinEx alone accounted for 78% of the losses in September.

These attacks frequently compromise private keys, suggesting potential prior breaches at the affected companies. CertiK conducted a series of blockchain investigations that helped reveal on-chain connections between the exploits on Atomic Wallet, Alphapo, CoinsPaid, and CoinEx.

A clear pattern emerged, connecting these breaches to the Lazarus Group. Specifics of the violations also reveal that each attack exploited vulnerabilities unique to the protocols and systems of each entity.

A Call for Vigilance

As the Web3 community deals with these findings, concerns are emerging regarding the readiness of crypto entities against state-backed cyber adversaries. Decentralized platforms, known for their security and censorship resistance, are enticing targets for, and susceptible to, actors like Lazarus, who possess the necessary resources and motivation.

Web3 leaders are now calling for a coordinated global response. “These attacks demonstrate the urgent need for advanced security protocols and international cooperation,” says Zhao Changpeng, CEO of Binance. “We are dealing with state-backed actors with vast resources. This is not just an industry concern, but a global security issue.”

The Lazarus Group’s strategy involves spear-phishing targeted at Web3 company personnel to steal sensitive credentials. Employees in the Web3 industry should be cautious of unsolicited job offers, especially those with excessively lucrative compensation packages.

For investors, the emphasis on self-custody of funds becomes crucial, safeguarding against the ripple effect of such breaches and necessitating careful management of personal private keys.
