According to BitMEX, in this instance, the attacker attempted to reuse malicious code called ‘BeaverTail’ previously attributed to the Lazarus Group by Palo Alto’s Unit 42.
Quote
Sources
BitMEX thwarts supposed Lazarus attack, discovers group's IP addresses and 'significant lapses' in security
Referenced by
A Lazarus Group-affiliated attacker targeted BitMEX in May 2025 by posing as a Web3 collaborator on LinkedIn and reused a malware component known as BeaverTail, a credential-stealing script previously attributed to the group by Palo Alto Networks’ Unit 42.
Crypto news
Claim
