DeFi Protocol Subjected to Cyberattack by North Korea, Co-Founder Says

deBridge, a cross-chain interoperability, and liquidity transfer protocol, has allegedly suffered a cyberattack allegedly, which was apparently conducted by Lazarus Group, a hacker collective linked to the North Korean government.

Bad actors attempted to trick the team into opening a PDF file named “New Salary Adjustment” by making it look like it was sent from an email address that belongs to the project’s co-founder.

One of the employees ended up downloading and opening the suspicious file.

The deBridge team ended up investigating the suspicious email. It found out that opening the PDF file would require entering a password. The downloaded archive also contained an LNK file, which is masked as a password file. Once opened, it executes a cmd.exe command that infects the entire system.

Files with the same names were attributed to Lazarus Group in the past, which is why the deBridge team believes that North Korea is likely behind the attempted attack.

The $100 million Harmony hack, which took place in November, were also attributed to Lazarus Group. North Korean hackers were also behind the $625 million Ronin hack.

Earlier this week, Bloomberg reported that North Koreans were plagiarizing LinkedIn resumes in order to get hired by cryptocurrency firms remotely. As reported by U.Today, U.S. authorities issued a warning to IT firms, including crypto firms. In May, Jonathan Wu, head of growth at Aztec Network, shared his own story about how a North Korean hacker attempted to get a job at this place.