Lazarus Used Fake NFT Game To Drain Wallets

  • Lazarus Group used a fake NFT game to steal funds from crypto wallets
  • The group promoted the game on several platforms, including LinkedIn
  • Lazarus also exploited a vulnerability in Google Chrome

North Korean hacking group Lazarus used a fake NFT game and a vulnerability in the Google Chrome browser to drain crypto wallets. The group promoted the game, known as “DeTankZone” and “DeTankWar,” on social media platforms like X and LinkedIn and used the Chrome vulnerability to drain interested players’ wallets. It’s unclear how much the hacking group stole using this method, but Google has already patched the vulnerability in the browser, reducing the chances for the group to continue stealing funds using the fake game.

Battle Tanks Offered as NFTs

The tactic was reported by Kaspersky Labs’ researchers in May. The game was fully playable and employed a multiplayer approach with a play-to-earn model. Lazarus offered tanks as NFTs with players expected to join a global competition.

Unknown to the gamers, visiting the game’s website was enough to infect their machines even if they didn’t proceed with the download. The hackers implanted malware on the victims’ computers, giving the attackers access to crypto stored in wallets on those machines.

Security researchers revealed that the hacking group had invested in promoting the malicious game, adding that the tactic may have caught individuals and businesses unaware, thus increasing the amount of funds stolen.

One of the Ways Lazarus Steals Crypto

The Lazarus group has been inventing new ways to siphon funds from unsuspecting victims. Cybersecurity experts have in the past, for example, discovered a scheme by the group to lure crypto exchange engineers with malware-infected crypto trading bots. The bots give the group access to the engineers’ development environments and, consequently, to an exchange.

Its members are also posing as blockchain engineers seeking employment at crypto firms and using malware that mimics genuine Windows commands.

With the hacking group turning to web3 games, it will likely continue creating genuine projects, including DeFi and centralized exchanges, to lure victims.
