Lazarus Group, a prominent hacking group associated with the North Korean government with a long history of targeting companies and individuals within the cryptocurrency and non-fungible token space, shows no signs of slowing down its heinous attacks against the crypto and non-fungible token communities. Recently, the North Korean hacking group appears to have shifted its focus to crypto and NFT communities on LinkedIn.
Lazarus Hacking Group Explained
Revealed in 2017, the Lazarus Group is a prominent hacking group associated with the North Korean government with a long history of targeting companies and individuals within the cryptocurrency space. The Lazarus hacker group is made up of an unknown number of users alleged to be trained by the government of North Korea. They have been linked to the breaches of Phemex, WazirX, Stake, among others.
Earlier this year, the Lazarus Hacking group was linked to the Bybit breach, which left more than $1.5 billion worth of crypto stolen. On 21 February, the criminals hacked one of ByBit’s suppliers to secretly alter the digital wallet address to which 401,000 Ethereum crypto coins were being sent. Since then, it’s been a cat-and-mouse game with crypto sleuths to track and block the hackers from successfully converting the crypto into usable cash.
Bybit hack $1.5 billion. Caused by blind signing, a screen can fix this. https://t.co/rb93N3o9iH
— Nicolas Dorier (@NicolasDorier) June 1, 2025
In the Bybit breach, the hacking group tricked a Safe Wallet employee into running malicious code on their computer to establish initial access. Once this foothold was obtained, what looks like a more sophisticated “division” of the group took over and continued post-exploitation, obtaining access to Safe’s AWS account and modifying the wallet’s front-end source code, which resulted in the ultimate theft of their cold wallets.
Lazarus Groups Now Targets NFT Users On LinkedIn
Hacking and scamming groups, like the Lazarus Group, are becoming more sophisticated in their tactics. This time around, they have evolved and begun secretly hunting crypto and NFT projects on LinkedIn. Last month, a BitMEX employee was contacted through LinkedIn for a potential “NFT Marketplace” web3 project collaboration. This pretext was similar enough to other attacks common in this industry that the employee suspected it was an attempt to trick them into running malicious code on their device.
Fortunately, the BitMEX employee quickly alerted the security team, who investigated with the objective of understanding how this campaign worked and how to protect the company from it. After some back and forth with the attacker, the BitMEX employee was invited to a private GitHub repository, which contained code for a Next.js/React website. The goal was to make the victim run the project, which includes malicious code, on their computer. The security team later found that the attacker was linked to the North Korean Lazarus hacking group.
Related NFT News:
OpenSea Tops The NFT Market Chart In May 2025 – InsideBitcoins
NFT Sales Plunge +20% To $102M This Last Week Of May 2025
Bored Ape NFT Maker Sells Moonbirds IP To Orange Cap Games
