North Korean Hacking Group Found Using Telegram to Steal Cryptocurrency

Francisco Memoria

Lazarus, a well-known hacking group believed to have ties to the North Korean regime, is reportedly using the privacy-centric messaging app Telegram to steal cryptocurrency.

According to Kaspersky’s cybersecurity researchers, evidence suggests Lazarus has been changing its attack methodology by taking “more careful steps” and employing “improved tactics and procedures” to steal Telegram users’ cryptocurrency.

Telegram is one of the most popular messaging platforms in the cryptocurrency community, so much so it’s even launching its own cryptocurrency, Gram, on its own TON blockchain. Lazarus’ attack vector is centered on fake cryptocurrency trading platforms, used to lure in victims.

Kaspersky’s researchers revealed Lazarus has been setting up fake cryptocurrency trading firms with websites that have links to social media platforms, including fake Telegram trading groups. In one instance, a Windows user was infected with malicious files via Telegram, and not via the fake crypto trading platform itself.

The researchers added they found various fake crypto exchanges, and that they believe these were created using free web templates. While Kaspersky only found these groups now, at least one was created back in December 2018.

The malware used on victims gives the North Korean hacking group control of the compromised device. Lazarus is known for going after financial institutions and, in recent years, for targeting cryptocurrency businesses. Identified victims from Poland, the UK, Russia, and China confirmed they were cryptocurrency businesses.

As CryptoGlobe reported, in March 2019 Kaspersky warned that Lazarus’ targets were still businesses dealing with cryptocurrencies, adding that extra caution was necessary when “dealing with new third parties or installing software.”

A UN report from August 2019 revealed it was believed Lazarus managed to net the North Korean government as much as $2 billion through attacks on cryptocurrency exchanges and other financial institutions. South Korea’s largest crypto exchange Bithumb, which was hacked two times in the past, is believed to have been one of their targets.


Error in Time-Locked Bitcoin Contracts Allows for Miner 'Fee-Sniping'

Michael LaVere
  • Crypto researcher 0xb10c discovered an error in bitcoin "time-locked" transactions that could be used as an attack vector.
  • Miners can take advantage of the program to carry out "fee-sniping" and steal funds from one another. 

Users have discovered an error in bitcoin “timelocked” contracts that could potentially allow miners to steal BTC from one another. 

Anonymous crypto engineer 0xb10c reported discovering more than one million “time-locked” transactions made between September 2019 and March 2020. In a post, 0xb10c detailed how these special bitcoin transactions were not being accurately enforced by the network. 

As opposed to normal transactions, time-locked transactions prevent the recipient's bitcoin from being accessed after sending. Users must wait for a specific number of blocks to be added to the network in ten-minute intervals before gaining control of their bitcoin.

0xb10c claimed the errant time-locked transactions provided an attack vector for miners to steal transaction fees from one another via “fee-sniping.” According to the engineer, the backlog of time-locked transactions was being purposefully designed for a “potentially disruptive mining strategy” involving the theft of miner fees.

In an interview with CoinDesk, 0xb10c said time-locked transactions represented a “low-priority” problem at present that could eventually balloon to involve the wider network. He explained that fee-sniping would become more lucrative in a few years as the majority of miner income shifts towards transaction fees. 

He continued:

“A fix for this has been released in early 2020. However, it will take a while before all instances of the currently deployed software are upgraded.”
