Cybercrime group Lazarus is likely behind the $30mln Bithumb hack

Lazarus, also known as HIDDEN COBRA, a purportedly North Korean group of attackers, was reported by AlienVault experts to be responsible for the recent hack of the largest South Korean cryptocurrency trading platform. Bithumb’s files created in Hangul Word Processor, a document editor popular among locals, contained malicious code to download Manuscrypt malware.

According to South Korean reports, the breach started earlier in May, when malware samples were sent to cryptocurrency companies in the form of fake CVs. Although the hack seems quite unusual compared with Lazarus's previous attacks, the group is a likely suspect. Together with South Korean researchers, AlienVault experts suggest the cybercriminals were targeting credentials in addition to delivering malware. That is why so many phishing domains were registered in the run-up to the event.

The South Korean Ministry of Science and Technology (MIC) says it investigated the security levels of twenty-one trading platforms between January and March of this year and confirmed that most of them had security vulnerabilities, namely insufficient network isolation, the absence of monitoring systems for abnormal or suspicious activity, and inadequate cryptographic key and password security management.

Bithumb is South Korea’s number one cryptocurrency exchange based on trading of Ethereum. It is the most trusted digital asset market within the country alongside UPbit, Coinone, and Korbit, but it was hacked for the third time in 12 months. Even though the company launched a complimentary 10 000 ETH giveaway campaign for its users right after the attack, mainstream media outlets in South Korea have already claimed that hackers could breach local cryptocurrency exchanges with ease. According to local security experts, the attackers only need to allocate sufficient resources to it.

In the case of Bithumb, AlienVault analysts believe that, among other things, the Lazarus Group was aided by knowledge from previous hacks against banks. It is worth recalling that the attempted theft of $1bln from the Bank of Bangladesh, attacks against ATM networks, and the WannaCry and Sony Pictures breaches are all linked with HIDDEN COBRA.

Taking into account the gains available, it’s highly unlikely that the thefts by Lazarus will stop anytime soon.

Bithumb, the South Korean cryptocurrency exchange now ranked as the sixth biggest trading venue in the world, urgently asked its customers not to deposit any funds into their hot wallets on the night of June 20, and still asks users to refrain from making any deposits until a further announcement is released. In its announcement, the trading platform states that the hack resulted in 11 cryptocurrencies being stolen, with 2,016 Bitcoin and 2,219 Ethereum taken.

Iuliia Sukhomlinova

A blockchain enthusiast and a content writer with a zest for technologies. My final goal is to help readers find what they need, understand what they find, and use what they understand appropriately.
