Cryptopeutic – Latest Crypto & Blockchain News

$3B Stolen with Fake Crypto Games in Chrome Exploit – GameFi Still Not Safe?

  • Lazarus Group stole $3B with two fake NFT games by exploiting a zero-day vulnerability in the latest version of Google Chrome.
  • It took 12 days for Google to patch the exploit after Kaspersky Lab reported it to them.
  • A hacker stole $20M in crypto from a US government wallet and then proceeded to launder it in non-custodial wallets.

Lazarus Group (a North Korean hacking group) stole $3B in crypto through a fake crypto game.

They used a zero-day vulnerability in Google Chrome that took Google 12 days to fix. Judging by the efforts put in by the hackers, this could be part of a larger plan.

Kaspersky Lab found the Chrome exploit and reported it immediately, with analyst Boris Larin saying that the attack might have broader implications in the long term.

A US government wallet also lost $20M in crypto in another attack. Arkham Intelligence reported the on-chain movements yesterday, identifying an address used in the 2016 Bitfinex hack.

Let’s discuss what’s happened.

NFT Games Steal $250M Per Day in Chrome Exploit

The math adds up:

  • Google took 12 days to patch the Chrome exploit
  • Kaspersky Lab reported a $3B theft by Lazarus Group in that period

Lazarus Group (a notorious North Korean hacker group) created two fake NFT games (DeTankZone and DeTankWar) and used a hidden Chrome exploit loader to siphon crypto from the users’ wallets.

Most importantly, the zero-day vulnerability targeted the latest version of Google Chrome, which is more than a bit scary if you ask us.

For the more technically inclined, here’s Kaspersky Lab’s report on the vulnerability exploited by Lazarus.

In a nutshell, the hackers used the two NFT game websites to inject malicious software called Manuscript into users’ devices. The software corrupted Google Chrome’s memory and let the hackers steal passwords and authentication tokens.

The two Kaspersky analysts who found this (Boris Larin and Vasily Berdnikov) said Lazarus is already using generative AI to improve its tactics.

Lazarus Group went to great lengths to optimize the social engineering aspect of the scam.

They focused on building a sense of trust to maximize the campaign’s effectiveness […] to make the promotional activities appear as genuine as possible. The attackers also attempted to engage cryptocurrency influencers […], leveraging their social media presence not only to distribute the threat but also to target their crypto accounts directly.

Larin and Berdnikov, Kaspersky Analysts

This is how Lazarus Group conned crypto users out of $3B, or $250M per day, in one of the largest crypto scams of this type.

US Government Loses $20M in Crypto Exploit

In similar news, the US government lost $20M in another crypto hack. Arkham Intelligence said the funds went to an address (0xc9E) used in the 2016 Bitfinex Hack.

The hackers stole $13.7M $AUSDC, $5.4M $USDC, $1.1M $USDT, and $500K $ETH for a total of $20.7M.

As usual, X users came up with some ‘wild’ theories and remarks about the hack. Here are some funny ones we found.

After the hack, the thief started laundering the money with non-custodial wallets. ZachXBT corroborated Arkham Intelligence’s conclusion.

Crypto Hackers Upping Their Tactics and Turning Gutsy

Hackers using generative AI for social engineering – we all saw this coming, but seeing the aftermath is still depressing and worrying. Phishing scams are getting more and more dangerous.

And stealing from the US government? Gutsy.

But crazy? That remains to be seen. Our bet is that it won’t take long before the authorities track down the hackers, with a bit of help from online sleuths.
