The North Korean Lazarus Group exploited a zero-day vulnerability in Google Chrome by creating a fake blockchain-based game called DeTankZone or DeTankWar. The game, which involved NFTs and was promoted on LinkedIn and X, installed spyware on users’ devices and stole cryptocurrency wallet credentials. Users were infected even if they didn’t download the game.
The attack was orchestrated by the Lazarus Group, a notorious North Korean hacking collective that has repeatedly targeted the cryptocurrency industry. Kaspersky Labs discovered the exploit in May 2024 and alerted Google, which quickly patched the vulnerability. The Lazarus Group has a long history of stealing digital assets and has been linked to over $3 billion in crypto thefts between 2017 and 2023.
Kaspersky noticed the malicious activity in mid-May 2024, and Google patched the vulnerability within 12 days. Microsoft Security first flagged the game in February, but the hackers had removed the exploit before Kaspersky could further investigate.
The attack took place online through the fake game, which was accessible to users globally. The game was modeled after a legitimate project called DeFiTankLand and was distributed through popular platforms like LinkedIn and X.
The Lazarus Group has targeted cryptocurrencies for years due to their high value and ease of exploitation. Between 2020 and 2023, the group laundered over $200 million from 25 crypto hacks, including the Ronin Bridge attack, which netted them over $600 million in 2022. Their interest in crypto is likely driven by the substantial financial rewards.
The hackers exploited a zero-day vulnerability in Chrome’s V8 JavaScript engine, installing malware called Manuscrypt on users’ devices. This malware allowed them to access crypto wallet information. Although Google patched the vulnerability, the attack shows how sophisticated hackers like Lazarus can exploit unpatched browser vulnerabilities to target crypto users.
Kaspersky’s experts noted that the scale of this campaign suggests the hackers had ambitious plans, potentially affecting many users and businesses worldwide.
