OP Yesterday - 04:16 AM
Bahrain-based cryptocurrency exchange Rain.com was hacked in April, losing $16 million. An investigation has found that the North Korean group Lazarus was behind the attack, using social engineering through LinkedIn.
According to the data, the attackers gained access to Rain’s internal systems by posing as recruiters. They contacted one of the employees through LinkedIn, offering a job opening, and sent a link to a file to complete as a test task. The file contained the TraderTraitor malware, which allowed the hackers to access private keys and passwords for managing cryptocurrency wallets.
The FBI, together with Rain, tracked down some of the stolen funds, finding $760,000 in SOL cryptocurrency on the WhiteBIT exchange, located in Vilnius, Lithuania. The funds have been frozen pending their confiscation.
This is not the first time Lazarus Group has used such methods on the LinkedIn platform. According to the warrant, the hackers create fake profiles, posing as recruiters for well-known companies. After establishing contact with the victim, the communication moves to WhatsApp, Telegram or Slack, where malware is distributed to steal passwords.
According to the US Department of Justice, from 2017 to 2024, Lazarus Group carried out numerous thefts of virtual currency, receiving hundreds of millions of dollars. It was previously reported that the stolen funds are used to finance North Korea's nuclear program.
The Rain exchange has not yet provided official comments.