Catenaa, Monday, December 16, 2024 – Bahrain-based cryptocurrency exchange Rain.com was the target of a $16 million heist in April 2024, orchestrated by the North Korean cybercrime group Lazarus, according to a US Department of Justice investigation.
The hackers reportedly used sophisticated social engineering tactics via a professional social media platform to breach the exchange’s security.
Investigators revealed that Lazarus operatives posed as recruiters, engaging a Rain employee on the platform with a fraudulent job offer.
The group provided a link to a coding challenge embedded with TraderTraitor malware.
This malware facilitated unauthorized access to private keys and passwords, enabling the hackers to drain Rain’s crypto wallets.
The FBI, collaborating with Rain, traced portions of the stolen funds, identifying $760,000 in the cryptocurrency SOL at Lithuania-based exchange WhiteBIT.
These assets have been frozen, with plans for seizure underway.
The Lazarus Group, identified as a state-backed entity, has conducted similar operations targeting other cryptocurrency companies.
Investigators noted the group’s reliance on the social networking platform to establish initial contact before transitioning conversations to other social media and communication apps to deploy malware.
Since 2017, Lazarus is estimated to have stolen hundreds of millions of dollars in cryptocurrency, with the funds believed to support North Korea’s nuclear ambitions.
Despite proactive measures, LinkedIn acknowledged the challenges of combating state-sponsored activities on its platform and highlighted its defenses against such threats.
Rain has not yet commented on the incident.
The case underscores the persistent vulnerabilities within the cryptocurrency sector, where advanced phishing techniques and malware attacks pose significant risks to digital asset platforms globally.