BitMEX thwarts supposed Lazarus attack, discovers group’s IP addresses and ‘significant lapses’ in security

BitMEX, the once-dominant Bitcoin options trading venue, has reportedly thwarted a social engineering attack by Lazarus Group, the hacking collective with ties to the North Korean government, according to an announcement on Friday.

Not only that, BitMEX was allegedly able to reverse engineer the supposed exploit — potentially revealing new insight into the formidable hacking collective.

Lazarus Group has been a persistent and growing threat in the crypto industry for years. The outfit is thought to be behind some of the most high-profile crypto exploits, including the February hack of Bybit, likely the largest-ever hack (crypto or otherwise).

Phishing attacks, especially those perpetrated by North Korean hackers, are a common enough occurrence in crypto that security experts often share a few tell-tale signs of danger and techniques to avoid being had. (For instance, you can ask your would-be attacker if Supreme Leader Kim Jong Un is married to a dog.)

“Recently, a BitMEX employee was contacted through LinkedIn for a potential ‘NFT Marketplace’ web3 project collaboration,” BitMEX wrote in a blog on Friday. “The goal was to make the victim run the project’s code, which includes malicious code, on their computer. After a few minutes of inspection of the repository … we found some very suspicious pieces of code.”
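The lure described above depends on the target running a cloned project before anyone has read it. The following is an added example, not code from BitMEX or from the blog post, of the kind of pre-execution triage a security team can run over an untrusted checkout: it walks the tree, flags install-time lifecycle hooks in package.json, and marks source lines carrying patterns that commonly hide a payload (dynamic eval, base64 decoding, process spawning, long escaped or base64 blobs, raw-IP URLs). The sample repository it builds in a temporary directory is constructed for the demonstration; the indicator names and thresholds are my own choices, and a hit is a reason to look closer, not a verdict.

```python
"""Pre-execution triage of an untrusted repository (added example, not BitMEX's code)."""
import json
import os
import re
import tempfile

# Patterns worth a closer look before `npm install` / `node index.js`.
# Hits are indicators, not verdicts: legitimate code occasionally uses eval too.
INDICATORS = {
    "dynamic-eval": re.compile(r"\b(eval|new\s+Function)\s*\("),
    "base64-decode": re.compile(r"(atob\s*\(|Buffer\.from\([^)]*['\"]base64['\"]\))"),
    "process-spawn": re.compile(r"child_process|\bexecSync\s*\(|\bspawn\s*\("),
    "hex-escape-run": re.compile(r"(\\x[0-9a-fA-F]{2}){8,}"),
    "long-base64-blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
    "remote-fetch": re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}"),  # raw-IP URLs
}
# npm runs these automatically during install, before the user ever starts the app.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
SOURCE_EXT = (".js", ".mjs", ".cjs", ".ts", ".json")


def scan_file(path):
    """Return a list of (indicator, line_number) hits for one source file."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for name, rx in INDICATORS.items():
                if rx.search(line):
                    hits.append((name, lineno))
    return hits


def scan_package_json(path):
    """Flag every lifecycle hook declared under "scripts" (line 0 = whole file)."""
    with open(path, encoding="utf-8") as fh:
        try:
            data = json.load(fh)
        except json.JSONDecodeError:
            return [("malformed-package-json", 0)]
    scripts = data.get("scripts", {}) if isinstance(data, dict) else {}
    return [("lifecycle-hook:" + hook, 0) for hook in LIFECYCLE_HOOKS if hook in scripts]


def triage_repo(root):
    """Walk the checkout; return {relative_path: [(indicator, line), ...]} for files with hits."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        for fn in filenames:
            if not fn.endswith(SOURCE_EXT):
                continue
            full = os.path.join(dirpath, fn)
            hits = scan_package_json(full) if fn == "package.json" else scan_file(full)
            if hits:
                findings[os.path.relpath(full, root)] = hits
    return findings


def build_sample_repo():
    """Constructed lookalike of a 'marketplace' lure: benign files plus one obfuscated
    helper wired to a postinstall hook. Returns the temporary directory path."""
    root = tempfile.mkdtemp(prefix="triage-demo-")
    os.makedirs(os.path.join(root, "src"))
    files = {
        "package.json": json.dumps({
            "name": "marketplace-demo",
            "scripts": {"start": "node src/index.js", "postinstall": "node src/setup.js"},
        }),
        "src/index.js": "const express = require('express');\nconsole.log('marketplace up');\n",
        "src/setup.js": (
            "const cp = require('child_process');\n"
            "const p = Buffer.from('aGVsbG8=', 'base64').toString();\n"
            "eval(p);\n"
        ),
        "README.md": "# Marketplace\nRun npm install then npm start.\n",
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for path, hits in triage_repo(build_sample_repo()).items():
        print(path, hits)
```

Run against the constructed tree, the scanner reports the postinstall hook in package.json and three hits in src/setup.js while leaving src/index.js clean. The postinstall check matters most: that script runs during `npm install`, so a reviewer who only opens the entry point named in "start" never sees it.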

According to BitMEX, the firm’s targeted employee was able to quickly identify the potential threat and alerted the BitMEX security team, which began an investigation that may have revealed some of Lazarus’ tracking methods and “significant lapses in operational security.”

Notably, “it appears that the group has divided into multiple subgroups that are not necessarily of the same technical sophistication,” the team wrote. According to BitMEX, in this instance, the attacker attempted to reuse malicious code called “BeaverTail” previously attributed to the Lazarus Group by Palo Alto’s Unit 42.

Without going into the technical details of how the malicious code was meant to run (essentially collect victim passwords/IPs and store them in a database), BitMEX says that a closer look at the script revealed an “operational security mistake” that may have revealed an attacker’s “original IP address.”

“Once we had this information, we created a simple program that would query this database on a regular basis and log new infections with the goal of understanding the general profile of victims and potentially spotting new mistakes by the operators,” the team wrote, noting they appear to have uncovered at least 10 potential “accounts used to test or develop the malware.”
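The “simple program” described in that quote is, in structure, a polling monitor: read the source on a schedule, remember what has already been seen, log only the delta, and keep a running profile. The following is an added example, not BitMEX's program, that models that loop. The record fields (id, ip, hostname, platform), the two poll snapshots (with RFC 5737 documentation addresses) and the JSON state file are all constructed for the demonstration. One point the quote does not spell out but any such tool needs: every string in those records was supplied by the malware operators or their victims, so it is sanitized before it reaches the analyst's log.

```python
"""Polling monitor for a data source that grows over time (added example, not BitMEX's code)."""
import json
import os
import re
import tempfile
from collections import Counter

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize(value, limit=64):
    """Untrusted strings go into our logs: replace control characters (log-injection
    and terminal-escape defence) and cap the length."""
    return CONTROL_CHARS.sub("?", str(value))[:limit]


class InfectionMonitor:
    """Keeps the set of record ids already logged plus a coarse victim profile,
    persisted to a state file so each scheduled run only reports the delta."""

    def __init__(self, state_path):
        self.state_path = state_path
        self.seen = set()
        self.profile = Counter()  # counts by platform (assumed field name)
        self.log_lines = []
        if os.path.exists(state_path):
            with open(state_path, encoding="utf-8") as fh:
                saved = json.load(fh)
            self.seen = set(saved["seen"])
            self.profile = Counter(saved["profile"])

    def save(self):
        with open(self.state_path, "w", encoding="utf-8") as fh:
            json.dump({"seen": sorted(self.seen), "profile": dict(self.profile)}, fh)

    def poll(self, snapshot):
        """One polling round over the current contents of the source (a list of dicts).
        Returns only the records not seen in earlier rounds."""
        new = []
        for rec in snapshot:
            rid = str(rec.get("id", ""))
            if not rid or rid in self.seen:
                continue
            self.seen.add(rid)
            self.profile[sanitize(rec.get("platform", "unknown"), 16)] += 1
            self.log_lines.append(
                "new-record id=%s ip=%s host=%s platform=%s" % (
                    sanitize(rid), sanitize(rec.get("ip")),
                    sanitize(rec.get("hostname")), sanitize(rec.get("platform")))
            )
            new.append(rec)
        self.save()
        return new


# Constructed snapshots: the second round is the first plus one newer record.
# The hostname in id 102 carries an ANSI escape to show the sanitizer at work.
ROUND_1 = [
    {"id": 101, "ip": "203.0.113.7", "hostname": "dev-laptop", "platform": "macos"},
    {"id": 102, "ip": "198.51.100.9", "hostname": "WIN-TEST\x1b[31m", "platform": "windows"},
]
ROUND_2 = ROUND_1 + [
    {"id": 103, "ip": "192.0.2.44", "hostname": "build-box", "platform": "macos"},
]


def run_demo():
    """Simulate two scheduled runs as separate processes sharing one state file."""
    state = os.path.join(tempfile.mkdtemp(prefix="monitor-demo-"), "state.json")
    first_run = InfectionMonitor(state)
    first = first_run.poll(ROUND_1)
    second = InfectionMonitor(state).poll(ROUND_2)  # fresh object reloads state
    return {"first": first, "second": second,
            "profile": dict(InfectionMonitor(state).profile),
            "log": first_run.log_lines}


if __name__ == "__main__":
    for line in run_demo()["log"]:
        print(line)
```

Because the seen-set lives on disk, the monitor can be driven by cron or a systemd timer and each invocation reports only what is new since the last one; the profile counter gives the “general profile of victims” in the quote without retaining anything beyond a coarse platform label.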

“Investigating this Lazarus Group campaign shows a stark contrast between their entry-level phishing strategies and advanced post-exploitation techniques,” the team added.

Notably, BitMEX’s discovery comes a few weeks after Coinbase disclosed a significant customer data breach that could cost the exchange upwards of $400 million in damages. That event has rekindled conversations about the potential dangers of know-your-customer requirements and the need for improved, industrywide cyber security.

© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

 

Disclaimer

The content of this article shown by Coinhub News, powered by The Block, is for informational purposes only and should not be construed as financial, legal, tax, or investment advice. Coinhub News and its affiliates are not a licensed financial advisor, legal advisor, broker, or tax advisor, and ... should not be considered as professional advice or a recommendation to engage in any specific investment, legal decision, or financial transaction. Cryptocurrency markets are highly speculative and volatile. Readers should perform their own independent research and consult with a qualified professional before making any financial or legal decisions. The opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Company of its affiliates. Additionally, the Company does not make any representations or warranties regarding the accuracy, timeliness, reliability, or completeness of any information in this article. By accessing this content, you acknowledge that any reliance on the information contained in this article is solely at your own risk. The Company is not responsible for any financial losses, legal disputes, or other damages that may arise from reliance on this content or from any investment or legal decisions based on the information provided. Investing in cryptocurrencies involves substantial risks, including the risk of losing your entire investment, and you should carefully consider whether it is appropriate for your circumstances.
