North Korea's Lazarus Hackers Blamed in deBridge Finance Cyberattack

Company co-founder Alex Smirnov warns all Web3 teams that the campaign is likely widespread.

AccessTimeIconAug 5, 2022 at 6:27 p.m. UTC
Updated May 11, 2023 at 6:47 p.m. UTC

The victim of an email-based cyberattack, cross-chain protocol deBridge Finance says its investigation shows the action likely came from the North Korea-associated Lazarus Group.

The attack took the form of an email address spoofing that of deBridge co-founder Alex Smirnov. Though most employees reported the suspicious email, one downloaded and opened the associated file.

The company's probe of the hack shows a similar attack vector to those noticed in other cyberattacks by North Korea's Lazarus Group, said Smirnov in a lengthy Twitter thread.

"PSA for all teams in Web3," wrote Smirnov, "this campaign is likely widespread."


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Stephen Alpher is CoinDesk's co-regional news chief, Americas. He holds BTC above CoinDesk’s disclosure threshold of $1,000.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.