BitMEX recently revealed that it was targeted by a phishing campaign allegedly connected to the North Korean Lazarus Group—the attack, which occurred in May 2020, aimed to compromise BitMEX employees through deceptive emails.
News: BitMEX detects and stops Lazarus’s NFT phishing attempt, calling their tactics “unsophisticated.” pic.twitter.com/kSOSvfH13h
— CoinGecko (@coingecko) June 2, 2025
The phishing emails claimed to offer job opportunities at BitMEX and included malicious attachments designed to steal login credentials. BitMEX’s security team detected the attempt quickly, preventing any breach of customer funds or sensitive data. According to BitMEX, the phishing campaign was unsophisticated, relying on basic social engineering tactics rather than advanced hacking techniques.
The North Korean hacker group Lazarus is employing a new strategy to spread malware by establishing fake cryptocurrency consulting firms, such as BlockNovas, Angeloper Agency, and SoftGlide. These companies, some of which are registered in the U.S., conduct fake job interviews to trick applicants into clicking on malicious links disguised as video recording prompts. This campaign, which began in 2024, has resulted in financial losses and is part of Lazarus Group’s history of cyberattacks in the cryptocurrency sector. The FBI is working to dismantle some of the fraudulent operations.
The Lazarus Group, believed to be backed by the North Korean government, has a history of targeting cryptocurrency exchanges and financial institutions worldwide. Despite the group’s reputation for sophisticated cyberattacks, this particular attempt stood out for its lack of complexity. The emails contained poor grammar and generic content, making them easily identifiable as fraudulent.
BitMEX’s swift response highlights the importance of robust cybersecurity measures in the crypto industry. The company stated that its employees are regularly trained to recognise and report phishing attempts. This proactive approach helped BitMEX avoid potential losses and maintain the security of its platform. The incident serves as a reminder for all crypto firms and users to remain vigilant against phishing attacks. Even well-known threat actors, such as the Lazarus Group, may resort to basic tactics, hoping to catch their targets off guard.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”