fxs_header_sponsor_anchor

Poloniex exchange hack likely linked to North Korea hacker Lazarus Group

|ByLockridge Okoth

  • X-explore research speculates that attack on Poloniex exchange could be linked to North Korea hacker Lazarus Group.
  • The attack is attributed to a leakage of private keys, akin to what the infamous hackers’ September  attack on Stake.com, stealing $41 million.
  • The normal withdrawal in Poloniex is the EIP-1559 type and now the attack transaction is in the Legacy type.

Poloniex centralized exchange, owned by Tron founder Justin Sun was exploited for about $125 million, with the controversial executive committing to making users 100% whole while putting out a 5% white hat bounty for the return of funds. As reported, the stolen assets were majorly distributed among ETH, BTC, and TRX together with other altcoins like FLOKI and AAVE, of low market capitalization.

Also Read: Justin Sun confirms Poloniex hack, assures users of 100% reimbursement

Poloniex attacks possibly identified

Poloniex exchange attackers could be the infamous Lazarus Group from North Korea, according to X-plore research, which tabulated addresses and balances related to the hacker. Based on the investigation, the researcher opines that the attack was facilitated by a leakage of the private key, noting that “The normal withdrawal in Poloniex is the EIP-1559 type and now the attack transaction is in the Legacy type.”

According to X-plore, this finding leads to the conclusion that the attack may have been the handiwork of North Korea’s notorious hackers, the Lazarus Group, basing their assumption on the fact that a similar tactic was used against Stake.com in September.

Specifically, the tactic is bi-factor, such that:

  • Different tokens are saved at different addresses, meaning each address will only deal with one kind of token.
  • A middle address is then used to swap the erc20/trc20 token on a decentralized exchange (DEX) and then transfer the ETH/TRX to the new address.

Stake.com attack by Lazarus Group

In a September report by the US Federal Bureau of Investigations (FBI), it was revealed that Lazarus Group executed a cyber-attack on an online casino and betting platform, Stake.com, stealing up to $41 million. The group is also called APT38, comprised of DPRK cyber actors according to the FBI.

In the attack, the exploiters moved stolen funds associated with the Ethereum, Binance Smart Chain (BSC), and Polygon networks from Stake.com into several virtual currency addresses.

Notably, if the perpetrator(s) is actually the Lazarus Group, then the chances of Sun’s 5% white hat bounty yielding fruit are slim to none, considering the Lazarus Group’s modus operandi.

Nevertheless, hope remains alive, considering Sun’s offer has yielded fruit only recently when HTX Global was hacked for $8 million.

 

Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.

RELATED CONTENT

Loading ...

Copyright © 2024 FOREXSTREET S.L., All rights reserved.