BitMEX discovers cybersecurity lapses in North Korea hacker group

The BitMEX crypto exchange’s security team discovered gaps in the operational security of the Lazarus Group, a North Korean (DPRK) government-sponsored cybercrime network, following a counter-operations probe into the organization. The probe exposed IP addresses, a database, and tracking algorithms used by the malicious group.
Security researchers for the exchange say there is a strong likelihood that at least one hacker accidentally revealed his true IP address, which showed the actual location of the hacker to be in Jiaxing, China.
Additionally, the BitMEX researchers say they were able to gain access to an instance of Supabase, a platform for easily deploying databases with simple interfaces for applications, that the hacking group used.
According to the report, the analysis highlighted the asymmetry between the group’s low-skill social engineering teams, which funnel unsuspecting victims into downloading malicious software, and the sophisticated code exploits developed by its high-tech hackers.
This asymmetry signals that the North Korean state-affiliated hacking organization has splintered into separate sub-groups, with different levels of threat capabilities working together to defraud users, the BitMEX team said.
The report follows a series of high-profile hacking incidents, social engineering scams, and the infiltration of blockchain and tech companies attributed to the Lazarus Group and other North Korean-affiliated agents.
Federal law enforcement agencies and governments sound alarm on Lazarus Group
Federal law enforcement agencies and governments worldwide are increasingly probing the activities of hackers associated with the DPRK, sounding the alarm on a number of common scam strategies employed by these threat actors.
In September 2024, the United States Federal Bureau of Investigation (FBI) issued a warning about social engineering scams perpetrated by the DPRK-backed group, including phishing attempts targeting crypto users with fake employment offers.
The governments of Japan, the US, and South Korea echoed the FBI warning in January 2025 and characterized the hacking activity as a threat to the financial system.
A recent report from Bloomberg suggested that world leaders may discuss the threat of the Lazarus hacking group at the next G7 Summit and strategies to mitigate the damage caused by the DPRK-affiliated organization.