Crypto exchange BitMEX prevents hacker attack by Lazarus Group
Crypto exchange BitMEX reported that it stopped an attempted phishing attack by the Lazarus Group, a group with ties to North Korea. In a blog post dated May 30, the platform described the attempt as "simple": the attackers approached an employee via LinkedIn under the pretext of cooperation in the field of Web3 NFT.
The attackers tried to convince the employee to run a project from GitHub that contained malicious code, a tactic that has become a common feature of Lazarus operations. The exchange's security team quickly detected the disguised JavaScript code and traced it to infrastructure previously associated with the group.
Interestingly, one of the identified IP addresses was located in Jiaxing, China, about 100 km from Shanghai, indicating a possible operational mistake by the attackers. According to experts, the Lazarus Group has several subgroups with different levels of technical expertise: some carry out the phishing, while others use more sophisticated post-exploitation techniques.
In general, Lazarus Group uses a wide range of methods, from basic phishing and fake job postings to sophisticated manipulation of smart contracts and cloud service infrastructure. In 2024 alone, hackers from North Korea stole $1.34 billion in cryptocurrency, which was a record and almost twice as much as in 2023.
According to Snir Levy, founder of Nominis, even the growing awareness of Lazarus Group's tactics does not make them less of a threat: "They are trying to deceive people every day." This is reinforced by the scale of the attacks: for example, in February 2025, more than $1.4 billion was stolen from Bybit after a Safe Wallet employee ran malicious code.