The North Korea-backed hacking group Lazarus Group has been escalating its attacks on the cryptocurrency community through phishing operations on the messaging app Telegram. The group impersonates reputable venture capital firms to deceive crypto teams into running malicious scripts. It establishes trust with its victims through constant messaging and then tricks them into attending a meeting, where the phishing attack takes place.

SlowMist, a blockchain security firm, has warned about the group’s use of Calendly’s “Add Custom Link” feature to embed malicious links within event pages. These well-disguised links often go unnoticed. The group has been linked to various domains impersonating other projects, with a specific IP address,, identified as malicious.

The Lazarus Group has a notorious history of targeting the cryptocurrency industry, having stolen approximately $3 billion over the past few years. It is believed that North Korea sponsors these hackers to finance its weapons program. The U.S. has traced several crypto breaches back to North Korea-affiliated wallets, including the Ronin bridge exploit that resulted in the theft of over $600 million. Chainalysis, a blockchain analytics firm, estimates that North Korean hackers have stolen over $3 billion in the past five years. South Korean intelligence also reported a theft of $1.2 billion in BTC and ETH by North Korea in 2022 alone.

These attacks highlight the need for vigilance and preemptive measures against the growing threat of cybercriminals targeting the cryptocurrency community. Individuals and organizations should be cautious of suspicious messages and links and should implement robust security measures to protect their assets.
