A hacker stole $20M in crypto from a US government wallet and then proceeded to launder it in non-custodial wallets.
Lazarus Group (a North Korean hacking group) stole $3B in crypto through a fake crypto game.
They used a zero-day vulnerability in Google Chrome that took Google 12 days to fix. Judging by the efforts put in by the hackers, this could be part of a larger plan.
A US government wallet also lost $20M in crypto in another attack. Arkham Intelligence reported the on-chain movements yesterday, identifying an address used in the 2016 Bitfinex hack.
Lazarus Group (a notorious North Korean hacker group) created two fake NFT games (DeTankZone and DeTankWar) and used a hidden Chrome exploit loader to siphon crypto from the users' wallets.
Most importantly, the zero-day vulnerability targeted the latest version of Google Chrome, which is more than a bit scary if you ask us.
For the more technically inclined, here's Kaspersky Lab's report on the vulnerability exploited by Lazarus.
In a nutshell, the hackers used the two NFT game websites to inject malicious software called Manuscript into users' devices. The software corrupted Google Chrome's memory and let the hackers steal passwords and authentication tokens.
The two Kaspersky analysts who found this (Boris Larin and Vasily Berdnikov) said Lazarus is already using generative AI to improve its tactics.
In similar news, the US government lost $20M in another crypto hack. Arkham Intelligence said the funds went to an address (0xc9E) used in the 2016 Bitfinex Hack.
As usual, X users came up with some 'wild' theories and remarks about the hack. Here are some funny ones we found.
After the hack, the thief started laundering the money with non-custodial wallets. ZachXBT corroborated Arkham Intelligence's conclusion.
Hackers using generative AI for social engineering - we all saw this coming, but seeing the aftermath is still depressing and worrying. Phishing scams are getting more and more dangerous.
And stealing from the US government? Gutsy.
But crazy? That remains to be seen. Our bet is that it won't take long before the authorities track down the hackers, with a bit of help from online sleuths.