The Lazarus hacker organization has struck the exchange twice in a year; how was $1.4 billion stolen?

Question

In the latest security report released by the South Korean cybersecurity company AhnLab, the Lazarus North Korean hacker group is listed as the most active attacker of last year.

Their trick is actually not complicated - phishing emails. Disguised as something like lecture invitations or interview notifications, you get caught as soon as you open the attachment. It sounds cliché, but it is effective.

The most brutal incident was on February 21 of this year. A leading exchange was hacked, resulting in a direct loss of 1.4 billion dollars. That's right, 1.4 billion. Additionally, the South Korean exchange Upbit was recently fleeced of 30 million dollars. In both cases, Lazarus is the prime suspect.

The protective advice given in the report is quite practical:

Enterprises need to implement multi-layered protection; don't expect a single wall to suffice.
Regularly check for vulnerabilities and apply patches, don't be lazy.
Employee security training must keep up, after all, people are the biggest vulnerability.

Ordinary users say:

Multi-factor authentication must be enabled
Do not click on unknown links and attachments randomly.
Avoid sharing personal information on social media platforms.
Only use official channels to purchase items.

AhnLab also pointed out a more troublesome trend — as AI tools become increasingly popular, the cost for hackers to generate phishing content has dropped to zero. In the future, those fake emails, fake web pages, and deepfake videos may be indistinguishable from the real ones.

So the conclusion is simple: don't think you won't fall for it. The fact that Lazarus can steal 1.4 billion dollars shows that even the largest platforms can have problems, let alone individual users.

View Original

NotGonnaMakeIt · Accepted Answer

Phishing emails are still being used in 2024? Is the exchange&#39;s security team asleep?

---

1.4 billion just vanished like that, I lost my share.

---

Ultimately, it&#39;s still a human problem; no matter how much protection there is, it can&#39;t stop the idiot who clicks the wrong link.

---

Lazarus really treats the exchange as an ATM; how arrogant can one be?

---

Multi-layer protection, patching, training; it sounds simple, but each exchange is slacking off, and they deserve it.

---

30 million is still a small number? These hackers are truly ruthless.

---

Phishing emails being this outdated and still effective shows that our circle&#39;s defense awareness is at this level.

---

Why doesn&#39;t the exchange just disable email attachments directly instead of making it so complicated?

---

1.4 billion, buddy, how long do I have to work to earn even a fraction of that number?

---

Lazarus: Why do you guys keep giving me money? Who can stand this?

MeaninglessGwei · Answer

1.4 billion just disappeared like that, ridiculous

Phishing emails can still succeed in 2024? Is the security of the exchange this easy?

Lazarus is really incredible, this operation can be called art

Employee training is really crucial, people are indeed the weakest link

How can there still be people clicking on such suspicious attachments?

Multi-layer protection sounds easy, but the actual implementation cost is really high

Wow, a theft of this scale has actually gone unprevented

North Korean hackers are too rampant, exchanges need to take it seriously

What does the high success rate of phishing emails indicate?

GasFeeGazer · Answer

1.4 billion just disappeared, ridiculous

---

Is it another phishing email? The exchange&#39;s security really needs to reflect on this

---

Employee training is indeed a shortcoming; how many major incidents are man-made disasters

---

Lazarus and their crew are still active; it feels like they can never be caught

---

After talking about multi-layer protection for so many years, there are still people who only build one wall

---

30 million lost and it&#39;s not even news; we&#39;ve seen this too often in this industry

---

Still daring to operate an exchange without applying patches? Wake up, everyone

---

People are indeed the biggest vulnerability; this statement is not wrong

---

Two major blows in a year indicate that the protection in the past few years has been merely for show

---

How come phishing emails are still so effective when this trick is so old?

ApeShotFirst · Answer

1.4 billion just disappeared like that? Oh my gosh, even phishing emails are still so fierce in 2024.

ForkPrince · Answer

1.4 billion just disappeared like that? What is the security team of the exchange doing?

---

Phishing emails can still succeed; put simply, it&#39;s the employees who lack awareness of prevention.

---

Lazarus is really ruthless; the North Korean hacker group is not to be trifled with.

---

Multi-layered protection sounds easy, but how many exchanges are truly dedicated to it?

---

30 million is nothing; 1.4 billion is the real big loss.

---

It seems that no matter how big the exchange, they can&#39;t prevent it; it&#39;s safer to manage the wallet yourself.

---

The saying that "people are the biggest vulnerability" hits hard; no firewall can stop an inattentive employee.

---

Why does it feel like every time it&#39;s the exchange that loses astronomical amounts? It&#39;s time to reflect on the operation and maintenance strategy.

---

With such little means, they can steal 1.4 billion; it really feels like the security level of CEX needs to be upgraded.