BitMEX has revealed it successfully stopped a phishing attempt by the Lazarus Group, a hacking network linked to North Korea. Attackers posed as a Web3 partner on LinkedIn, trying to trick a BitMEX employee into running malicious GitHub code.
BitMEX's security team detected the threat early and linked it to infrastructure previously associated with Lazarus.
The exchange noted Lazarus uses simple phishing before more advanced hacks. A failed operational safeguard even exposed an IP address tied to North Korean operations, located in Jiaxing, China.
Experts believe the group's hacking efforts are split among subgroups, each with different technical skill levels.
Lazarus has been blamed for a sharp rise in crypto thefts. Chainalysis reported North Korean-linked actors stole $1.34 billion in 2024, accounting for 61% of the total stolen in crypto-related crimes that year.
Social engineering remains their primary entry tactic, as seen in major incidents like the Bybit and Radiant Capital hacks.
The group continues to launch daily fraud attempts using a mix of phishing, fake job offers, and malicious files to compromise individuals and organisations across the crypto space.