BitMEX's cybersecurity team has identified significant operational security vulnerabilities within the Lazarus Group, the notorious North Korean state-sponsored hacking collective. The discovery came during a counter-operations investigation that revealed the group's IP addresses, internal databases, and tracking algorithms. Security analysts confirmed the hackers failed to maintain consistent VPN usage, leading to accidental exposure of their true locations.
One critical finding showed a hacker's actual IP address originating from Jiaxing, China — a rare operational mistake for the typically disciplined group. The BitMEX team additionally accessed the hackers' Supabase database instance, uncovering their infrastructure for deploying malicious applications. This marks the first confirmed physical location tied to Lazarus operatives in 2025.
The report highlights a striking divide between the group's low-level social engineering teams and their advanced technical exploit developers. BitMEX researchers suggest this indicates fragmentation within the organization, with distinct subgroups operating at varying capability levels. Interestingly, while entry-level hackers use basic phishing tactics, their backend teams develop sophisticated code exploits targeting blockchain protocols.
Following multiple high-profile attacks attributed to Lazarus, international agencies have escalated warnings. The FBI's September 2024 alert detailed North Korea's employment scam tactics, later reinforced by joint advisories from Japan, South Korea and the US. As of press time, G7 nations are reportedly considering coordinated measures against the group's cryptocurrency theft operations, which have siphoned billions from global financial systems.
The compromised Supabase instance provides unprecedented insight into Lazarus' attack infrastructure. Security experts note the database contained tracking algorithms used to monitor victims, suggesting the group may need to rebuild critical operational tools. Remarkably, this infrastructure leak coincides with increased malware deployment attempts, with 147 new infections logged during BitMEX's observation period.
"The operational security failures present rare counterterrorism opportunities," analysts observe, as law enforcement agencies work to connect the Jiaxing IP address to known Lazarus operatives. Meanwhile, cryptocurrency exchanges worldwide are implementing new protocols to detect the group's signature social engineering patterns.