It seems that cyberattacks and hacks are daily news in the crypto world.
deBridge Finance, a cross-chain interoperability and liquidity transfer protocol, has been the target of an attempted cyberattack aimed at its employees.
According to a Twitter thread posted by deBridge co-founder Alex Smirnov, a handful of deBridge employees received emails titled “New Salary Adjustments” that pretended to be sent from Smirnov’s email address.
The majority of employees suspected that the email had been sent with malicious intent and therefore didn’t open it. However, one employee took a chance and downloaded the attached PDF document.
Due to this action, the company has been forced to analyze the attack in great detail.
In his Twitter thread, Smirnov notes that the attack does not work on macOS, where it opens a normal PDF file. On the other hand, opening the file on a Windows operating system infects the whole system. The user first downloads the archive file, which contains a password-protected PDF and a file named "password".
According to Smirnov, the attack operates as follows: “user opens a link from email -> downloads & opens archive -> tries to open PDF, but PDF asks for a password -> user opens password.txt.lnk and infects the whole system”.
The deBridge investigation showed that it is the apparent text file, password.txt.lnk, that damages the system. It first checks for an anti-virus program. If the computer is not protected, it activates and starts to communicate with the hacker to receive commands.
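A mail or download gateway can flag this lure before a user sees it. The sketch below is an added example, not deBridge's tooling: it assumes the archive is an unencrypted ZIP, and the sample archive and every file name in it other than `password.txt.lnk` are constructed for illustration. It reports any member that is a Windows shortcut, either by its `.lnk` name or by the Shell Link file header, and marks the double-extension case.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Extensions a user reads as a harmless document when Explorer hides ".lnk".
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def scan_archive(data: bytes) -> list[dict]:
    """Return one finding per archive member that is a Windows shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            named_lnk = bool(suffixes) and suffixes[-1] == ".lnk"
            with zf.open(info) as fh:
                is_lnk = fh.read(len(LNK_MAGIC)) == LNK_MAGIC
            if not (named_lnk or is_lnk):
                continue
            findings.append({
                "name": info.filename,
                "shortcut_by_content": is_lnk,
                # e.g. password.txt.lnk: shown as "password.txt" in Explorer
                "double_extension": named_lnk and len(suffixes) >= 2
                                    and suffixes[-2] in DECOY_EXTS,
                # shortcut bytes stored under a non-.lnk name
                "renamed_shortcut": is_lnk and not named_lnk,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample archive mirroring the layout described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.pdf", b"%PDF-1.7\n% constructed placeholder\n")
        zf.writestr("password.txt.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("notes.txt", b"plain text, not a shortcut\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample()):
        print(finding)
```
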
Smirnov claims that the file names used in this attack matched the ones Lazarus Group uses to execute its hacks.
Lazarus Group and its hackers commonly target DeFi projects and the crypto industry. Back in June, the North Korean cybercrime group was associated with the $100M theft from Harmony’s Horizon Bridge.