ChainCatcher news, according to TechCrunch, Aleksej Besciokov, co-founder of the Russian cryptocurrency exchange Garantex, was arrested by local police in Varkala, Kerala, India on March 12. The exchange had previously been sanctioned by the EU and the US government.Indian police confirmed that the arrest was based on a warrant issued by the Patiala House Court in New Delhi, executed at the request of the US government. A spokesperson for the US Department of Justice, Nicole Oxman, confirmed this news to TechCrunch but declined to comment further.Last week, the US Department of Justice charged Besciokov with personally approving transactions on Garantex related to North Korean government hackers and other cybercriminals, and filed criminal charges against him for assisting in money laundering through the cryptocurrency exchange. US authorities have frozen over $26 million in cryptocurrency assets and seized Garantex's website.

ChainCatcher news, according to Decrypt, the Socket research team has discovered in a new attack that the North Korean hacker group Lazarus is associated with six new malicious npm packages that attempt to deploy backdoors to steal user credentials.Additionally, this malware can extract cryptocurrency data and steal sensitive information from Solana and Exodus crypto wallets. The attacks primarily target files from Google Chrome, Brave, and Firefox browsers, as well as keychain data on macOS, specifically tricking developers into inadvertently installing these malicious packages.The six discovered malicious packages include: is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator. They lure developers into installation through "typosquatting" (exploiting misspelled names). The APT group has created and maintained GitHub repositories for five of these packages, disguising them as legitimate open-source projects, increasing the risk of developers using the malicious code. These packages have been downloaded over 330 times. Currently, the Socket team has requested the removal of these packages and reported the related GitHub repositories and user accounts.Lazarus is a notorious North Korean hacker group, linked to the recent $1.4 billion Bybit hack, the $41 million Stake hack, the $27 million CoinEx hack, and countless other attacks in the crypto industry.

ChainCatcher news, Safe announced that its joint security investigation with Mandiant (now part of Google Cloud) has made significant progress and confirmed that the theft incident on Bybit on February 21 was perpetrated by the North Korean hacker group TraderTraitor, which has previously targeted the crypto industry multiple times.The attackers compromised the laptop of a Safe{Wallet} developer and hijacked an AWS session token to bypass multi-factor authentication controls. This developer is one of the few with higher privileges to perform their duties.Safe calls on the Web3 ecosystem to collectively address the increasingly complex security threats and to enhance the optimization of transaction verification tools to improve user security. The official team has released a detailed transaction verification guide and plans to further optimize the user experience to reduce potential risks.

ChainCatcher news, on-chain detective ZachXBT and THORChain developer JP are in a dispute over the Asgardex fee issue. The core of the argument revolves around whether Asgardex should return the $900,000 fee obtained from the Bybit hacker's money laundering. ZachXBT believes that Asgardex should return the funds, otherwise it is a crime, while JP argues that open-source wallet developers are dedicated to self-custody wallet development and will not return the funds unless required by regulatory enforcement. He also questions why there is no demand for Ethereum and Bitcoin nodes to return transaction fees.Additionally, ZachXBT mentioned in the dispute that last year he discovered that projects related to JP had not conducted any due diligence, mistakenly hiring North Korean IT workers as developers, who had been employed for several months before being alerted by him, but this had never been publicly disclosed.

ChainCatcher news, according to Bitcoin.com News, North Korea's Lazarus group has accumulated nearly $1 billion in cryptocurrency, including $592 million in ETH, $319 million in BTC, and even $337,000 in BABYDOGE.

ChainCatcher news, "on-chain detective" ZachXBT revealed in a personal channel that an unknown victim was attacked by the North Korean hacker Lazarus Group on February 28 on Tron, resulting in a loss of approximately $3.1 million. The funds were transferred from Tron to Ethereum, and the ETH was split into ten addresses before being deposited into Tornado Cash.

ChainCatcher news, ChatGPT developer OpenAI recently stated that the company has banned and removed accounts from North Korean users, who are suspected of using its technology for malicious activities, including surveillance and manipulation of public opinion.OpenAI pointed out in a report that these activities are ways authoritarian regimes may use AI technology to exert control over the United States and their own citizens. The company also added that they use AI tools to detect these malicious operations. OpenAI did not disclose the specific number of banned accounts or the timeframe of the related actions.In one case, malicious actors possibly linked to North Korea used AI to generate fake resumes and online profiles of job seekers with the aim of fraudulently applying for positions at Western companies.Additionally, there is a batch of ChatGPT accounts suspected of being related to financial fraud in Cambodia, which utilize OpenAI technology to translate and generate comments on social media and communication platforms, including X and Facebook.

ChainCatcher news, according to an announcement from the FBI, the Federal Bureau of Investigation has issued a Public Safety Announcement (PSA) confirming that a North Korean hacking group is responsible for the theft of approximately $1.5 billion in digital assets from the Bybit exchange.The FBI stated that the hacking group acted quickly, converting some of the stolen assets into Bitcoin and other digital assets, and dispersing them to thousands of addresses across multiple blockchains. It is expected that these assets will be further laundered and eventually converted into fiat currency.

ChainCatcher news, Slow Mist founder Yu Xian posted on social media that the theft of 12,000 ETH last year was carried out by the Eastern European hacker group Inferno Drainer, not North Korean hackers. The money laundering methods have some overlap with North Korean hackers, making it very difficult to recover the funds.

ChainCatcher news, Slow Mist founder Yu Xian posted on social media, "Through forensic analysis and correlation tracking, we confirm that the attackers of the CEX theft incident are the North Korean hacker group Lazarus Group. This is a nation-state APT attack targeting cryptocurrency trading platforms. We have decided to share the relevant IOCs (Indicators of Compromise), which include some IPs of cloud service providers, proxies, etc. It is important to note that this disclosure does not specify which platform or platforms were involved, nor does it mention Bybit; if there are similarities, it is indeed not impossible."The attackers utilized pyyaml for RCE (Remote Code Execution), enabling the delivery of malicious code to control target computers and servers. This method bypassed most antivirus software. After synchronizing intelligence with partners, multiple similar malicious samples were obtained. The main goal of the attackers is to gain control over wallets by infiltrating the infrastructure of cryptocurrency trading platforms, thereby illegally transferring a large amount of cryptocurrency assets from the wallets.Slow Mist published a summary article revealing the attack methods of the Lazarus Group, and also analyzed their use of social engineering, vulnerability exploitation, privilege escalation, internal network penetration, and fund transfer tactics. At the same time, based on actual cases, they summarized defense recommendations against APT attacks, hoping to provide references for the industry and help more institutions enhance their security capabilities and reduce the impact of potential threats.

ChainCatcher news, according to Arkham monitoring, on-chain detective ZachXBT submitted conclusive evidence at 3:09 AM Beijing time, confirming that the attack on Bybit was carried out by the North Korean hacker group Lazarus Group.ZachXBT's analysis report includes detailed information such as test transactions before the attack, associated wallet analysis, multiple forensic charts, and timeline analysis. The report has been submitted to the Bybit team to assist in their investigation.

ChainCatcher message, Slow Fog Yu Xian posted on platform X stating: "Although there is currently no clear evidence, based on the methods used for Safe multi-signature and the current money laundering techniques, it resembles North Korean hackers. North Korean hackers, if I have wronged you, please correct me, and I will apologize..."

ChainCatcher message, according to lmk.fun (formerly Scopescan) monitoring, the North Korean hacker who previously traded on Hyperliquid has had their $704,000 worth of ETH liquidated and currently holds $2,872.Previously, crypto KOL Tay stated on the X platform that he has monitored multiple flagged North Korean hacker addresses recently trading on Hyperliquid, with total losses exceeding $700,000.

ChainCatcher news, according to The Block, multiple blockchain security experts have pointed out that a North Korean hacker group may be behind the theft incident of the Singapore cryptocurrency exchange Phemex. The attackers stole over $70 million in crypto assets, including approximately $16 million in SOL, $12 million in XRP, and $5 million in Bitcoin.MetaMask Chief Security Researcher Taylor Monahan stated that the attackers simultaneously stole a large amount of assets across multiple chains and quickly exchanged stablecoins with a high risk of freezing for ETH. Phemex CEO Federico Variola confirmed the security of the cold wallet, and the platform is developing a compensation plan for the victims.