Cryptopolitan 2024-12-24 09:25:33

DPRK-identified addresses have swapped $200K through MetaMask in what looks like a crypto laundry test

Addresses identified as belonging to North Korean hackers have laundered $200K in crypto through MetaMask. This type of swap comes with high fees, but can be an exit point for hackers.

A list of addresses linked to previous North Korean hacker exploits has surfaced in a series of MetaMask swaps. The addresses only swapped $200K in crypto assets, leaving $1,985 in swap fees. The MetaMask router is among the high-fee tools to swap crypto, but can be fast and accessible for hackers to obscure the origin of funds or avoid token freezing.

While the sum was small, the event itself was ominous, given the perception that DPRK hackers don’t trade, but test. Hacking activity slowed down in the second half of 2024, but there are still signs of mixing and trying to conceal funds.

The MetaMask discovery follows another episode of hacker addresses using Web3 services, DEXs and the wallet’s native router. Recently, inflows from hacker addresses were discovered on the Hyperliquid bridge. The perpetual futures DEX was not exploited in any way, but the event was also considered a test for moving funds. Some consider Hyperliquid to be still at risk, due to its limited validator points that can be exploited.

MetaMask itself has not been compromised and has remained a secure wallet, barring personal mistakes. Taylor Monahan, @tayvano, also noted the wallet has been targeted in multiple ways by North Korean hackers, who are always looking for ways to unlock stored crypto.

“MetaMask is and always has been concerned…We track DPRK carefully because they are the single largest threat to crypto companies. We also track every other crypto threat actors bc DPRK is largest but not the only threat,” said @tayvano in a recent X post.

North Korean hackers avoid USDC as lockable asset

While slowing down their exploits, North Korean hackers have been swapping funds and moving between chains.

The list of wallets that used MetaMask swaps also has a long history of using various decentralized protocols. The wallets swap between Ethereum (ETH) and stablecoins USDT and USDC. Both stablecoins are, in theory, freezable assets, but especially USDC. For that reason, the wallets always swap back to ETH or other tokens, or move to the Arbitrum chain for some of the tasks. The wallets never keep a USDC balance for long, despite the highly active usage of the token.

The two addresses were highly active, interacting with ENS accounts, OpenSea users and web3 protocols. The swaps continued in the past few hours, again with the main task of moving funds on a relatively small scale.

0x52263cAEc2e144C3A84cc16d014157360Ac85A89
0x070cA92f568037d351666b3918a0F6ba7ad20ED1

The wallet activities and their counterparties connect to some of the most active recent protocols, meme tokens, NFTs and other assets. However, most of the activity centers around swapping into stablecoins as a temporary step.

Wallet activity raises more concerns about the safety of Hyperliquid

The recent swaps were relatively minor, with transactions under $500. However, some of the wallet counterparties showed interactions with DEXs and DeFi hubs, often transacting with the Hyperliquid bridge. The alleged hacker wallet histories also contain interactions with Hyperliquid from the past few hours and days.

For now, the protocol has not been attacked directly, but some consider it another tool for mixing funds or trading to obscure the origin of tokens. The Hyperliquid bridge is the biggest concern for attacks, since the hub’s value grew exponentially. The bridge holds more than $2B, and may not be sufficiently protected, according to @tayvano.

For now, there is no other direct link between the MetaMask swap users and a potential attack against the bridge. The MetaMask swaps may be a part of general activity to move between assets with minimal tracking.

North Korean hackers reportedly doubled their haul in 2024, potentially taking up to $1.3B from the crypto market. Most of the activity was concentrated in the first half of the year, with major hacks slowing down in the last quarter.
