Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
North Korean hackers infiltrate crypto projects as employees

North Korean hackers infiltrate crypto projects as employees

Cryptopolitan2024/07/16 11:40
By:By Hristina Vasileva

Share link:In this post: Several recent exploits were tied to known personalities, with visible ENS addresses. Hackers use governance attacks to exploit DeFi protocols. Fund laundering is reaching the Huione Guarantee trading platform, where peer-to-peer transfers are easier to hide among other escrow deals.Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independen

Hacks of crypto projects are often linked to inside information leaks. New on-chain data reveals North Korean hackers may deliberately target crypto startups, gaining trust to become employees. 

North Korean hackers get a step closer to crypto exploits, by becoming the employees of crypto projects. The past six months saw a return to exploits, both against projects and individual wallets. 

Also Read: North Korea backed Lazarus Group linked to $305 million DMM Bitcoin hack

On-chain investigator ZachXBT noted that North Korean hackers were also not careful about hiding their tracks. Some of them went as far as to tie their wallet actions to an ENS human-readable and well-known name. 

The exploits have affected the Munchables game team , leading to a hack in March 2024. The game lost between $62M and $64M in ETH, which were later returned by the hacker.

Attacks continue to undermine the trust in Web3 features, as projects are prone to multiple types of exploits. Some Web3 projects admit volunteer developers, while others face exploits from tainted code builds. 

Other vectors of attacks noted in the past few days include flash loans against protocols. The most recent exploits involved Minterest, with a $1.4M flash loan, as well as Dough Finance, losing $1.9M. The Minterest funds were immediately sent to the Tornado Cash mixer, and may not be immediately recoverable. 

Additionally, the sites of several large Web3 protocols were compromised, replacing links to their normal facilities with wallet drainers. The exploit even affected Curve Finance, which has since recovered its site, though it invites further caution in interacting with Web3 links. 

Even when remaining relatively anonymous, a pattern of laundering funds points to the involvement of Lazarus. Some of the funds are additionally mixed, but instead sent to a list of small non-KYC exchanges. A recent hack showed funds ended up on the Huion Guarantee market, a hub often used by Lazarus hackers. 

Governance attacks affect DeFi

One of the potential attacks for valuable projects are so-called governance attacks. Those attacks can be significant, especially when it comes to redistributing liquidity. 

Some of the North Korean hackers have been identified as the performers of multiple governance attacks. The DAO model, tying voting to fund distribution, has invited multiple attacks over the years. 

Currently, TrueFi DAO has been trying to ensure fair governance, while raising fears of a potential malicious governance. 

Some of the DAO attacks have also been identified as coming from Dark DAOs, which can afford the funds to vote. Organizations can buy the right to vote in other DAO issues, and sometimes, they are able to gain the right through regular Web3 activities, such as liquid staking. 

Also Read: Ethena Discord gets hacked, users advised to not click any links

In some cases, a DAO will hold a vote to distribute a significant treasury. Imposters that have built stakes can vote and directly gain control of a large part of that treasury. Most DAO rely on smart contracts, so the process is automated. 

ZachXBT noted that some of the North Korean hackers were easily identified in DAO attacks, not taking care to use various veiling technologies for vote-buying. 

Huione Guarantee market raises red flags

Connections to the Huione Guarantee market are a new source of red flags for wallets and projects. Connections to this market can lead to blacklisting, as it happened recently to a Tether (USDT) wallet on the TRON network. 

Huione Guarantee is not an exchange, but a peer-to-peer trading platform, offering escrow services. The company carries escrow accounts, and claims to be neutral, although it has been noted to facilitate personal scams, as well as laundering funds from crypto heists.

Huione Guarantee products resemble the abuses and hacks market on Telegram, also offering software and tools for personalized scams. The platform also relies on USDT for large-scale transfers and the laundering of hack funds. The platform has the advantage of being virtually untraceable, as the transactions are tied to small online shops, and may not stand out like pure crypto movements. 

Despite this, research by ZachXBT also revealed a new list of addresses , which are tied to Huione Guarantee usage. 

Cryptopolitan reporting by Hristina Vasileva

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

Ethena protocol approves Wintermute’s revenue-sharing proposal

Share link:In this post: The Ethena Protocol will follow Wintermute’s proposal and activate a fee switch. Wintermute had previously noted that the protocol lacked a proper framework for revenue allocation to its holders. Ethena Foundation welcomed the firm’s proposal, saying it could see the potential benefits.

Cryptopolitan2024/11/16 12:22

Elon Musk Dismissed OpenAI ICO Idea in 2018

“It would simply result in a massive loss of credibility for OpenAI and everyone associated with the ICO,” Musk reportedly said.

Cryptotimes2024/11/16 12:00