2023-04
🇬🇧 United Kingdom
#Cryptocurrency
#FinancialGain
2023-04
Terraport Finance was exploited on April 10, 2023, after a breach was detected in the Terraport Liquidity wallet, prompting the team to work with community members and major exchanges to secure and blacklist affected funds. A later postmortem described Ter…
🇬🇧 United Kingdom, 🇰🇷 Korea, Republic of
#Cryptocurrency
#FinancialGain
2023-03
SmoothOperator was a 3CXDesktopApp supply-chain compromise in which trojanized signed installers loaded malicious DLLs, retrieved encoded payload data from GitHub-hosted ICO files, and deployed follow-on malware including infostealer functionality against…
🇺🇸 United States
#SupplyChain
#Technology
2023-03
Lazarus abused DreamSecurity MagicLine4NX and related South Korean security-software distribution paths for watering-hole and supply-chain access against domestic targets in media, technology, defense, chemical, and other sectors. Reporting described expl…
🇰🇷 Korea, Republic of
#Wateringhole
#Media
#Technology
#Defense
2023-03
The South Korean manufacturing intrusion was included in a U.S. Justice Department case charging Rim Jong Hyok and co-conspirators over an Andariel campaign tied to North Korea’s Reconnaissance General Bureau. The indictment alleged that proceeds from Mau…
🇰🇷 Korea, Republic of
#FinancialGain
#Manufacturing
2023-01
South Korean judicial network reporting described a long-running breach of court systems in which North Korea-linked operators, later identified in several reports as Lazarus, compromised systems including Active Directory and internal servers and exfiltr…
🇰🇷 Korea, Republic of
#Government
#DataBreach
2023-01
The Taiwanese defense contractor intrusion was included in the U.S. Justice Department’s Andariel case against Rim Jong Hyok and alleged co-conspirators tied to North Korea’s Reconnaissance General Bureau. Prosecutors said the group used laundered Maui ra…
🇹🇼 Taiwan
#DataBreach
#Defense
2022-11
In November 2022, Deribit suffered a hot-wallet theft of about $28 million across Bitcoin, Ethereum, and USDC. The exchange paused withdrawals, said client assets and cold-storage funds were unaffected, and covered the loss from company reserves; linked t…
🇵🇦 Panama
#Cryptocurrency
#FinancialGain
2022-11
The Massachusetts defense company intrusion was included in the U.S. Justice Department’s Andariel case charging Rim Jong Hyok and alleged co-conspirators linked to North Korea’s Reconnaissance General Bureau. The indictment alleged that Maui ransomware p…
🇺🇸 United States
#DataBreach
#Defense
2022-10
Algorand was listed among cryptocurrency incidents in ZachXBT reporting that traced roughly $200 million stolen across 25 hacks from August 2020 to October 2023 to Lazarus Group, also described as Bluenoroff or APT38. The linked analysis described a DPRK-…
🇸🇬 Singapore
#Cryptocurrency
#FinancialGain
2022-09
GERA reported that a private-key leak allowed attackers to transfer ownership of the token smart-contract deployer, create additional contracts, mint unauthorized GERA on Ethereum and Binance, send tokens to decentralized exchanges, and move tokens to cen…
🇺🇸 United States
#Cryptocurrency
#FinancialGain
2022-08
Nomad Bridge was compromised through an implementation bug in the Replica contract that allowed forged messages to pass authentication because an unproven message could map to bytes32(0) and acceptableRoot(bytes32(0)) returned true. Post-incident material…
🇺🇸 United States
#Cryptocurrency
#FinancialGain
2022-07
North Korean state-sponsored actors, with later reporting linking a 2021 case to Andariel, used Maui ransomware in a manually operated encryption campaign affecting healthcare and other financially viable organizations in the United States and Japan. The …
🇺🇸 United States, 🇯🇵 Japan
#Healthcare
#FinancialGain
2022-07
DEV-0530, a North Korea-origin ransomware cluster with suspected overlap with PLUTONIUM/Andariel tooling and infrastructure, used H0lyGh0st ransomware against small and midsize businesses from at least September 2021. The campaign encrypted Windows system…
🇺🇸 United States
#FinancialGain
2022-06
In June 2022, Harmony’s Horizon Bridge lost about $100 million in virtual currency after attackers compromised bridge-validator private keys and moved assets including USDC, ETH, USDT, BNB, and other tokens through wallet hopping and Tornado Cash. Harmony…
🇺🇸 United States
#Cryptocurrency
#FinancialGain