BitMEX discovers cybersecurity lapses in North Korea hacker group

The BitMEX crypto exchange’s security team discovered gaps in the operational security of the Lazarus Group, a North Korean (DPRK) government-sponsored cybercrime network, following a counter-operations probe into the organization, which exposed IP addresses, a database, and tracking algorithms used by the malicious group.
Security researchers for the exchange say there is a strong likelihood that at least one hacker accidentally revealed his true IP address, which showed the actual location of the hacker to be in Jiaxing, China.
Additionally, the BitMEX researchers say they were able to gain access to a Supabase database instance used by the hacking group. Supabase is a platform for easily deploying databases with simple interfaces for applications.
According to the report, the analysis highlighted the asymmetry between the group’s low-skill social engineering teams, which funnel unsuspecting victims into downloading malicious software and interacting with code exploits, and the high-tech hackers who develop those sophisticated exploits.
This asymmetry signals that the North Korean state-affiliated hacking organization has splintered into separate sub-groups, with different levels of threat capabilities working together to defraud users, the BitMEX team said.
The report follows a series of high-profile hacking incidents, social engineering scams, and the infiltration of blockchain and tech companies attributed to the Lazarus Group and other North Korean-affiliated agents.
Federal law enforcement agencies and governments sound alarm on Lazarus Group
Federal law enforcement agencies and governments worldwide are increasingly probing the activities of hackers associated with the DPRK, sounding the alarm on a number of common scam strategies employed by these threat actors.
In September 2024, the United States Federal Bureau of Investigation (FBI) issued a warning about social engineering scams perpetrated by the DPRK-backed group, including phishing attempts targeting crypto users with fake employment offers.
The governments of Japan, the US, and South Korea echoed the FBI warning in January 2025 and characterized the hacking activity as a threat to the financial system.
A recent report from Bloomberg suggested that world leaders may discuss the threat of the Lazarus hacking group at the next G7 Summit and strategies to mitigate the damage caused by the DPRK-affiliated organization.