Analysts of the BitMEX cryptocurrency exchange have discovered a critical vulnerability in the operational security of Lazarus Group hackers

Analysts at BitMEX have identified serious flaws in the operational security of the Lazarus Group, a hacker group linked to the DPRK government. In particular, in their report, the experts called some of these shortcomings «amateur-level mistakes.» The investigation revealed the IP addresses, databases, and algorithms used by the hackers.

One of the Lazarus Group members, for example, did not use a VPN and thus revealed his actual location in Jiaxing, China. BitMEX analysts received this information after a hacker attempted to contact one of the exchange’s employees via LinkedIn under the guise of a potential NFT partner. The attacker tried to force the employee to launch a malicious project from GitHub.

BitMEX also managed to gain access to the Supabase platform, which Lazarus used to deploy databases with a simple interface. The study found that there were units with different skill levels among the group members: some of them were only engaged in social engineering, while others were responsible for finding technical vulnerabilities.

Earlier, in March 2025, Lazarus hackers tried to hack crypto entrepreneurs via Zoom and the GitHub platform, and in April, Kenny Lee, co-founder of Manta Network, spoke about another hacking attempt that was probably also organized by Lazarus.