
Several recent reports describe hacking attacks on cross-chain protocols and Web3 firms. The main suspect is the Lazarus Group, a hacking crew attributed to North Korea. The latest of these attacks was brought to light by deBridge Finance, and the attackers showed the hallmarks of Lazarus Group. According to the reports, deBridge Finance employees received an email that looked like an ordinary message from company co-founder Alex Smirnov. It arrived on a Friday afternoon with the subject line ‘New Salary Adjustments,’ so employees were naturally curious to open it. The subject was all the more plausible because it arrived at a time when crypto firms were laying off employees or cutting pay in a difficult market.
Several employees found the mail suspicious and reported it as spam. One employee, however, opened it and downloaded the attachment, which was presented as a PDF file. The attack was nonetheless unsuccessful, because the deBridge team contained it. On Friday the co-founder also described the incident in detail on Twitter. The downloaded file behaved as designed: it launched a cmd.exe command that checks the computer for the presence of antivirus software. If no antivirus is found, the malicious file is placed in the autostart folder, and from there it begins receiving instructions from the attacker.
The deBridge team allowed the script to fetch commands from the attackers but blocked it from executing any of them on the system. It was later found that the code gathers information from the system and sends it to the attackers. Had the code not been disabled, the attackers would have been able to execute it. Chainalysis has reported a rise in cross-chain bridge attacks in 2022: 13 attacks that drained around $2 billion worth of cryptocurrency, accounting for 70% of the total stolen.
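The behaviour described above (an attachment that launches cmd.exe, which then drops a file into the autostart folder) is something endpoint telemetry can surface. The following detection script is an added example, not deBridge's code or analysis: it runs over constructed, Sysmon-style process and file events (the image names, pids and paths are assumptions) and flags any write into a Startup folder whose process ancestry includes cmd.exe.

```python
import re
from typing import Dict, List, Tuple

# Constructed, Sysmon-style events (not real deBridge telemetry). The chain
# mirrors the article: a document handler spawns cmd.exe, which drops a file
# into the user's Startup folder. A second cmd.exe writes elsewhere (benign).
EVENTS = [
    {"kind": "process", "pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"kind": "process", "pid": 200, "ppid": 100, "image": r"C:\Program Files\Reader\reader.exe"},
    {"kind": "process", "pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"kind": "file", "pid": 300, "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                                         r"\Start Menu\Programs\Startup\update.exe"},
    {"kind": "process", "pid": 400, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"kind": "file", "pid": 400, "path": r"C:\Users\alice\Documents\notes.txt"},
]

# Matches both the per-user and the all-users Startup (autostart) folder.
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)

def process_table(events: List[dict]) -> Dict[int, Tuple[int, str]]:
    """Map pid -> (ppid, lower-cased image basename) from process-creation events."""
    table = {}
    for ev in events:
        if ev["kind"] == "process":
            table[ev["pid"]] = (ev["ppid"], ev["image"].rsplit("\\", 1)[-1].lower())
    return table

def ancestry(pid: int, table: Dict[int, Tuple[int, str]]) -> List[str]:
    """Image names from pid up to the root; the seen-set guards against pid-reuse loops."""
    chain, seen = [], set()
    while pid in table and pid not in seen:
        seen.add(pid)
        ppid, image = table[pid]
        chain.append(image)
        pid = ppid
    return chain

def find_startup_persistence(events: List[dict]) -> List[dict]:
    """Alert on files written into a Startup folder by a process tree containing cmd.exe."""
    table = process_table(events)
    alerts = []
    for ev in events:
        if ev["kind"] != "file" or not STARTUP_RE.search(ev["path"]):
            continue
        chain = ancestry(ev["pid"], table)
        if "cmd.exe" in chain:
            alerts.append({"pid": ev["pid"], "path": ev["path"], "chain": chain})
    return alerts
```

On the constructed events only the cmd.exe spawned under the document reader is flagged; the unrelated cmd.exe writing to Documents produces no alert.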
