{"id":3474,"date":"2022-04-10T13:43:40","date_gmt":"2022-04-10T13:43:40","guid":{"rendered":"https:\/\/metaverseplanet.net\/blog\/?p=3474"},"modified":"2025-12-30T08:38:47","modified_gmt":"2025-12-30T08:38:47","slug":"defi-attacks","status":"publish","type":"post","link":"https:\/\/metaverseplanet.net\/blog\/defi-attacks\/","title":{"rendered":"Defi Attacks: Protect Your Crypto Coins from Advanced Threat Actors"},"content":{"rendered":"\n<p>Lazarus, an advanced persistent threat (APT) actor renowned for its financial operations, has recently been deploying Trojanized decentralized finance (DeFi) applications aimed at augmenting its revenue through <strong>cryptocurrency<\/strong> theft.<\/p>\n\n\n\n<p>This strategy abuses legitimate apps used for managing <strong><em><a href=\"https:\/\/metaverseplanet.net\/blog\/crypto-wallets\/\" data-type=\"post\" data-id=\"11143\">cryptocurrency wallets<\/a><\/em><\/strong> to distribute malware that takes control of victims&#8217; systems. 
Operating since 2009, the Lazarus group stands out among state-sponsored APT entities due to its significant emphasis on financial gain.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-1024x576.jpg\" alt=\"Defi Attacks: Protect Your Crypto Coins from Advanced Threat Actors\" class=\"wp-image-9432\" srcset=\"https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-1024x576.jpg 1024w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-300x169.jpg 300w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-768x432.jpg 768w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-1536x864.jpg 1536w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-390x220.jpg 390w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-150x84.jpg 150w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In a notable development, Lazarus has adapted to the evolving cryptocurrency landscape, incorporating non-fungible tokens (<strong>NFTs<\/strong>) and the <strong>decentralized finance (DeFi)<\/strong> markets into its schemes. 
In December 2021, cybersecurity researchers from Kaspersky identified a new malware operation orchestrated by Lazarus that leverages a Trojanized DeFi application.<\/p>\n\n\n\n<p>This malicious application disguises itself as a legitimate program called &#8220;DeFi Wallet,&#8221; which is responsible for registering and managing cryptocurrency wallets. Upon execution, the Trojanized installer stealthily deploys the malware alongside the genuine app installer, discreetly compromising the victim&#8217;s system. The malware, effectively a Trojan horse, is overlaid onto the authentic app.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"684\" src=\"https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-2-1024x684.jpeg\" alt=\"\" class=\"wp-image-9433\" srcset=\"https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-2-1024x684.jpeg 1024w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-2-300x200.jpeg 300w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-2-768x513.jpeg 768w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-2-1536x1025.jpeg 1536w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-2-2048x1367.jpeg 2048w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-2-150x100.jpeg 150w, https:\/\/metaverseplanet.net\/blog\/wp-content\/uploads\/2023\/12\/They-Are-Using-Defis-To-Steal-Crypto-Coins-2-scaled.jpeg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong><em>Seongsu Park, a Senior Security Researcher at Kaspersky Global Research and Analysis Team 
(GReAT), remarked on Lazarus&#8217; persistent interest in the cryptocurrency industry.<\/em><\/strong> Over time, the group has demonstrated a capacity for devising sophisticated methods to entice victims while minimizing the likelihood of detection.<\/p>\n\n\n\n<p>The cryptocurrency and blockchain sectors, being dynamic and increasingly lucrative, not only attract scammers and phishers but also garner the attention of formidable entities like financially motivated APT groups. As the <strong><em><a href=\"https:\/\/metaverseplanet.net\/cryptocurrencies\/\">cryptocurrency<\/a><\/em><\/strong> market expands, Lazarus&#8217; engagement in this industry is anticipated to endure and potentially intensify.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lazarus, an advanced persistent threat (APT) actor renowned for its financial operations, has recently been deploying Trojanized decentralized finance (DeFi) applications aimed at augmenting its revenue through cryptocurrency theft. This strategy abuses legitimate apps used for managing cryptocurrency wallets to distribute malware that takes control of victims&#8217; systems. 
Operating since &hellip;<\/p>\n","protected":false},"author":1,"featured_media":3475,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"googlesitekit_rrm_CAown96uCw:productID":"","footnotes":""},"categories":[322],"tags":[318],"class_list":["post-3474","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-metaverse1","tag-metaverse-news"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/posts\/3474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/comments?post=3474"}],"version-history":[{"count":0,"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/posts\/3474\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/media\/3475"}],"wp:attachment":[{"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/media?parent=3474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/categories?post=3474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/metaverseplanet.net\/blog\/wp-json\/wp\/v2\/tags?post=3474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}