North Korean Hackers Used Fake NFT Game to Steal Wallet Credentials: Report

Reports have emerged that bad actors allegedly linked to North Korea’s Lazarus group executed a complex cyberattack that used a fake NFT-based game to exploit a zero-day vulnerability in Google Chrome.

According to the report, the vulnerability eventually allowed attackers to access people’s crypto wallets.

Exploiting Chrome’s zero-day flaw

Kaspersky Labs security analysts Boris Larin and Vasily Berdnikov wrote that the authors cloned a blockchain game called DeTankZone and promoted it as a multiplayer online battleground (MOBA) with game-to-win (P2E ).

According to experts, they then embedded malicious code into the game’s website, detankzone(.)com, infecting devices that interacted with it, even without any download.

The script exploited a critical bug in Chrome’s V8 JavaScript engine, which allowed it to bypass sandbox protections and allow remote code execution. This vulnerability allowed suspected North Korean actors to install advanced malware called Manuscrypt, which gave them control over victims’ systems.

Kaspersky reported the flaw to Google when it was discovered. The tech giant addressed the issue with a security update days later. However, hackers had already taken advantage of it, suggesting a wider impact on users and businesses globally.

What Larin and his Kaspersky security team found interesting was how the attackers adopted extensive social engineering tactics. They promoted the tainted game on X and LinkedIn by engaging known crypto influencers to distribute AI-generated marketing material.

The elaborate setup also included professionally made websites and premium LinkedIn accounts, which helped create an illusion of legitimacy that lured unsuspecting players into the game.

Crypto Pursuits of the Lazarus Group

Surprisingly, the NFT game was not just a shell; it was fully functional, with game elements such as logos, attention screens and 3D models.

However, anyone who visited the P2E title’s malware-ridden website had their sensitive information, including wallet credentials, collected, allowing Lazarus to execute large-scale crypto heists.

The group has shown a sustained interest in cryptocurrency over the years. In April, chain researcher ZachXBT connected them to more than 25 crypto hacks between 2020 and 2023 that netted them more than $200 million.

Additionally, the US Treasury Department has linked Lazarus to the infamous Ronin Bridge hack of 2022, in which they reportedly stole over $600 million in ether (ETH) and USD Coin (USDC).

Data collected by 21Shares’ parent company 21.co in September 2023 revealed that the criminal group had more than $47 million in various cryptocurrencies, including Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX) and Polygon (MATIC).

In total, they are said to have stolen more than $3 billion worth of digital assets between 2017 and 2023.

SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).

2024 LIMITED OFFER on BYDFi Exchange – Up to $2888 Welcome Reward, Use this link to register and open a 100 USDT-M position for free!