The Lazarus Group, a group of North Korean hackers, recently used a deceptive tactic involving a fake NFT game to exploit a Chrome vulnerability and steal cryptocurrency wallet credentials. The cyberattack, as reported by security analysts from Kaspersky Labs, took advantage of a zero-day flaw in Google Chrome to gain unauthorized access to users’ devices. The hackers used a fake NFT game called DeTankZone as the lure, marketing it as a play-to-earn multiplayer online battle arena (MOBA) to draw in unsuspecting players.
The hackers embedded malware directly into the game’s website, detankzone.com, so that simply visiting the site with a vulnerable browser was enough to infect the device. The malicious script bypassed Chrome’s security protections by exploiting a vulnerability in Chrome’s V8 JavaScript engine to achieve remote code execution. Through this method, the attackers installed Manuscrypt malware, gaining control over users’ devices and retrieving sensitive cryptocurrency wallet credentials without requiring the victim to download or run anything.
Upon discovering the exploit, Kaspersky Labs promptly informed Google, which issued a security update to address the vulnerability. However, the attackers had already compromised several devices before the patch shipped, raising concerns about the broader implications of such attacks for cryptocurrency users and businesses worldwide.
Security analysts from Kaspersky noted that the Lazarus Group used advanced social engineering techniques to create an illusion of authenticity around the game. They built a professional website and premium LinkedIn accounts to establish credibility, and used social platforms like X and LinkedIn to enlist well-known crypto influencers to promote the fake NFT game with AI-generated marketing materials. This attracted a wide audience and increased the attack’s effectiveness.
The fake NFT game was not just a cover; it was fully operational, including detailed gameplay elements like logos, 3D graphics, and user interfaces. However, the Lazarus Group had embedded Manuscrypt malware within the game’s website, enabling them to execute large-scale cryptocurrency theft. This incident adds to the group’s extensive history of targeting the crypto industry, with over 25 hacks and total losses exceeding $200 million between 2020 and 2023, as reported by on-chain investigator ZachXBT.
The Lazarus Group has been linked to major cryptocurrency heists, including the theft of over $600 million in ether (ETH) and USD Coin (USDC) through the Ronin Bridge hack in 2022. They have also been tied to cyberattacks targeting financial institutions and crypto platforms worldwide. Data from 21.co revealed that the group still holds over $47 million in various cryptocurrencies, including assets like Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX), and Polygon (MATIC). Reports estimate that the Lazarus Group accumulated more than $3 billion in digital assets between 2017 and 2023, underscoring their persistent targeting of crypto markets and their substantial impact on the cryptocurrency industry.
The success of this attack relied heavily on social engineering, with polished promotional materials, AI-generated graphics, and credible-looking LinkedIn profiles used to convincingly disguise the fake NFT game as legitimate, effectively drawing in crypto enthusiasts and circumventing common cybersecurity defenses.