New Way For North Korean Hackers To Steal Crypto Through NFT Games

North Korean hacker group Lazarus Group uses NFT games to spread malware so they can steal crypto assets from users' wallets. (Photo; Doc. CoinLive)

JAKARTA - North Korea's famous hacker group Lazarus Group has again caused a stir after reportedly spreading malware through fake NFT games. In this latest cyberattack, they allegedly exploited security loopholes in the Google Chrome browser to access important user data, especially their crypto wallet credentials.

This attack targets users through a game that seems to offer the popular play-to-earn (P2E) concept, but turns out to be just a cover to steal victims' digital data and money.

Cybersecurity experts from Kaspersky Labs, Boris Larun and Vasily Berdnikov, found that Lazarus Group created a fake game called "DeTankZone" with NFT elements in it. They even created a special website, detankzone[.]com, which was already inserted with a malicious code. Without downloading, it's enough to visit the site that users can already be hit by malware.

This malware exploits a gap in the JavaScript V8 engine on Chrome, so it can penetrate security protection and run malicious codes remotely. That way, Lazarus Group can install a malware called Manuscrypt that gives them full access to users' devices.

Kaspersky immediately reported these findings to Google, which immediately issued a security update. However, Lazarus Group has already spread this malware, and it is suspected that many users have become victims.

They not only infiltrate malware, but also rely on social engineering tactics by promoting the game on social media such as X (formerly Twitter) and LinkedIn. To convince users, Lazarus engages a number of well-known crypto influencers and creates professional LinkedIn sites and accounts, making the game look official.

This fake game is not just a trap, but has a fairly convincing gameplay feature with the 3D logo, display, and model that makes it even more interesting. Unfortunately, anyone accessing this site risks losing their crypto data. Lazarus Group is known to be very eyeing crypto assets, from 2020 to 2023, this group has recorded more than 25 crypto hacking actions with a total loss of 200 million US dollars (approximately IDR 3.1 trillion).

In fact, according to a CryptoPotato report, the United States Department of Finance also linked Lazarus to the case of hacking Ronin Bridge in 2022, which caused losses of more than 600 million US dollars (approximately Rp9.3 trillion) in the form of ether crypto seats (ETH) and USDC stablecoins.

Meanwhile, data from 21Shares shows that in September 2023, the group still controls more than 47 million US dollars (approximately IDR 727.5 billion) in various crypto assets including Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX), and Polygon (MATIC). In the 2017 to 2023 period, Lazarus Group is estimated to have stolen more than $3 billion (approximately IDR 46.5 trillion) in digital assets.