Attack tactics and security response

Data block

Collection item

The Lazarus Group targeted a BitMEX employee in May 2025 through LinkedIn, using a fake NFT project as a lure to deliver malicious code.
The BitMEX security team analyzed a social engineering attack attempt involving a fake NFT project invitation and uncovered indicators of compromise, including potential attacker IP addresses and significant operational security failures by the Lazarus Group.
In May 2025, a BitMEX employee was contacted via LinkedIn by a Lazarus Group-affiliated attacker posing as a Web3 collaborator. The employee quickly recognized the phishing attempt and alerted the company’s security team, prompting a full investigation.
BitMEX developed an automated monitoring tool after uncovering a misconfigured Supabase database used by Lazarus Group malware, which led to the identification of at least 10 accounts likely used for malware testing and development.

Data source type

Collection data source

Filter

{"where":{"AND":[{"attribute":"Jfmby78N4BCseZinBmdVov","is":"KeG9eTM8NUYFMAjnsvF4Dg"}]}}

Referenced by

BitMEX reports having thwarted an attack by Lazarus

Crypto news

News story