North Korean Hackers Used Fake NFT Game to Steal Wallet Credentials: Report
The NFT game had embedded malware that exploited a Chrome flaw to steal wallet credentials on a large scale.
Reports have emerged that bad actors allegedly tied to North Korea’s Lazarus Group executed a complex cyberattack that used a fake NFT-based game to exploit a zero-day vulnerability in Google Chrome.
According to the report, the vulnerability ultimately allowed the attackers to access people’s crypto wallets.
Exploiting Chrome’s Zero-Day Flaw
Kaspersky Labs security analysts Boris Larin and Vasily Berdnikov wrote that the perpetrators cloned a blockchain game called DeTankZone and promoted it as a multiplayer online battle arena (MOBA) with play-to-earn (P2E) elements.
Per the experts, they then embedded a malicious code within the game’s website, detankzone[.]com, infecting devices that interacted with it, even without any downloads.
The script exploited a critical bug in Chrome’s V8 JavaScript engine, letting it bypass sandbox protections and enabling remote code execution. This vulnerability allowed the suspected North Korean actors to install an advanced malware called Manuscrypt, which gave them control over the victims’ systems.
Kaspersky reported the flaw to Google upon discovering it. The tech giant then addressed the issue with a security upgrade days later. However, the hackers had already capitalized on it, suggesting a broader impact on global users and businesses.
What Larin and his security team at Kaspersky found interesting was how the attackers adopted extensive social engineering tactics. They promoted the tainted game on X and LinkedIn by engaging well-known crypto influencers to distribute AI-generated marketing material for it.
The elaborate setup also included professionally done websites and premium LinkedIn accounts, which helped create an illusion of legitimacy that attracted unsuspecting players to the game.
Lazarus Group’s Crypto Pursuits
Surprisingly, the NFT game wasn’t just a shell; it was fully functional, with gameplay elements such as logos, heads-up displays, and 3D models.
However, anyone visiting the P2E title’s malware-ridden website had their sensitive information, including wallet credentials, harvested, enabling Lazarus to execute large-scale crypto thefts.
The group has demonstrated a sustained interest in cryptocurrency over the years. In April, on-chain investigator ZachXBT connected them to more than 25 crypto hacks between 2020 and 2023, which bagged them more than $200 million.
Additionally, the U.S. Treasury Department has linked Lazarus to 2022’s infamous Ronin Bridge hack, in which they reportedly stole over $600 million in ether (ETH) and USD Coin (USDC).
Data collected by 21Shares’ parent company 21.co in September 2023 revealed that the criminal group held more than $47 million in assorted cryptocurrencies, including Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX), and Polygon (MATIC).
In total, they are said to have stolen digital assets worth more than $3 billion between 2017 and 2023.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
US stocks head into holiday week with history on their side
Let’s take a look at how US equities typically perform this time of year and what we might see in the coming days
Cardano implements first ZK smart contract
Share link:In this post: Cardano has deployed its first zero-knowledge smart contract on the mainnet through the use of the Halo 2 zkSNARKs. The technology allows for secure and private verification of computations with the help of the network without disclosing sensitive information. ADA recently crossed the $1 level and went as high as $1.15 before a 17% drop.
Investors Flock to UltraShort Bitcoin ETF as Post-Trump Rally Cools
Senator suggests how D.O.G.E. can save $2 Trillion of American Tax Payers