lazarusholic

Crypto folks (hopefully) already know that Lazarus is one of the most prevalent threat actors targeting this industry

2024-07-09, Tay
https://archive.md/TgijD
#Trend #Cryptocurrency

Crypto folks (hopefully) already know that Lazarus is one of the most prevalent threat actors targeting this industry.

They rekt more people, companies, protocols than anyone else.

But it's good to know exactly how they get in. Bc another smart contract audit won't save you.
For example, one long-time fave method:
- Contact employee via social/messaging app
- Direct them to a GitHub for a job offer, "skills test," or to help with a bug
- Rekt individual's device
- Gain entry to company's AWS
- Rekt company (and their users)

cloud.google.com/blog/topics/th…

With permission, I’m sharing a recent convo that led to $2m+ stolen so you can see how this DPRK crew (TraderTraitor) is operating today.

These convos are pretty rare to see. Thefts occur months later, so very few uncover how the initial entry was made.

cisa.gov/news-events/cy…

This particular example is also notable because we have records of two separate convos.

Same threat actor, using the same LinkedIn persona, reaching out to …