- X-explore research speculates that attack on Poloniex exchange could be linked to North Korea hacker Lazarus Group.
- The attack is attributed to a leakage of private keys, akin to what the infamous hackers’ September attack on Stake.com, stealing $41 million.
- The normal withdrawal in Poloniex is the EIP-1559 type and now the attack transaction is in the Legacy type.
Poloniex centralized exchange, owned by Tron founder Justin Sun was exploited for about $125 million, with the controversial executive committing to making users 100% whole while putting out a 5% white hat bounty for the return of funds. As reported, the stolen assets were majorly distributed among ETH, BTC, and TRX together with other altcoins like FLOKI and AAVE, of low market capitalization.
Poloniex attacks possibly identified
Poloniex exchange attackers could be the infamous Lazarus Group from North Korea, according to X-plore research, which tabulated addresses and balances related to the hacker. Based on the investigation, the researcher opines that the attack was facilitated by a leakage of the private key, noting that “The normal withdrawal in Poloniex is the EIP-1559 type and now the attack transaction is in the Legacy type.”
According to X-plore, this finding leads to the conclusion that the attack may have been the handiwork of North Korea’s notorious hackers, the Lazarus Group, basing their assumption on the fact that a similar tactic was used against Stake.com in September.
3. We think this attacker is Lazarus Group, who attacked https://t.co/bsZOzOhmvl on 2023/9/4. The attack behaviour is similar:— X-explore (@x_explore_eth) November 10, 2023
a. Different tokens are saved at different addresses. It means each address only deals with one kind of token.
Specifically, the tactic is bi-factor, such that:
- Different tokens are saved at different addresses, meaning each address will only deal with one kind of token.
- A middle address is then used to swap the erc20/trc20 token on a decentralized exchange (DEX) and then transfer the ETH/TRX to the new address.
Stake.com attack by Lazarus Group
In a September report by the US Federal Bureau of Investigations (FBI), it was revealed that Lazarus Group executed a cyber-attack on an online casino and betting platform, Stake.com, stealing up to $41 million. The group is also called APT38, comprised of DPRK cyber actors according to the FBI.
In the attack, the exploiters moved stolen funds associated with the Ethereum, Binance Smart Chain (BSC), and Polygon networks from Stake.com into several virtual currency addresses.
Notably, if the perpetrator(s) is actually the Lazarus Group, then the chances of Sun’s 5% white hat bounty yielding fruit are slim to none, considering the Lazarus Group’s modus operandi.
Nevertheless, hope remains alive, considering Sun’s offer has yielded fruit only recently when HTX Global was hacked for $8 million.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.