Google Chrome Zero-Day Vulnerability Exploited by Lazarus Group by Using Phony DeFi Game – Active IOCs

2024-10-24 Rewterz

https://www.rewterz.com/threat-advisory/google-chrome-zero-day-vulnerability-exploited-by-lazarus-group-by-using-phony-defi-game-active-iocs

Lazarus used a fake decentralized-finance (DeFi) tank game, DeTankZone, hosted at detankzone[.]com, to lure Bitcoin and other cryptocurrency users to a site that exploited the Google Chrome zero-day CVE-2024-4947. The campaign had been running since around February 2024 and was identified after researchers found a new variant of the Manuscrypt backdoor on a Russian customer system; the lure was pushed through spear-phishing emails, LinkedIn personas, and social-media promotion. CVE-2024-4947 is a type confusion in V8's Maglev JIT compiler (patched in Chrome 125 in May 2024); the exploit used it to read and write Chrome process memory, which exposes browsing history, saved passwords, authentication tokens, and cookies, and then chained a separate V8 sandbox-bypass issue to execute shellcode. The shellcode collected CPU, BIOS, and OS details, ran anti-VM and anti-debugging checks, and sent the results to Lazarus C2 infrastructure, reconnaissance that indicates victims were triaged before any follow-on payload was delivered. The report links the operation to cryptocurrency theft risk because the targeting and tradecraft match Lazarus's earlier financially motivated campaigns.

Indicators of Compromise

Type    Value            First Seen   Last Seen
DOMAIN  detankzone.com   2024-10-23   2025-08-25
DOMAIN  ccwaterfall.com  2024-05-28   2024-10-24
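The two domains above are the only indicators this advisory publishes, so the practical check is to sweep DNS resolver, proxy, and browser-history logs for them. The following is an added example written for this page, not code from Rewterz or from the Kaspersky research it summarizes; the log lines are constructed to look like BIND and Squid output and are not real telemetry. It refangs defanged notation (detankzone[.]com), matches a host only when it equals an indicator or is a subdomain of it, and deliberately rejects lookalikes such as notdetankzone.com or detankzone.com.example.net, which a naive substring search would flag as hits.

```python
import re
from typing import Dict, Iterable, List, Optional

# Domain indicators copied from the advisory's IOC table.
IOC_DOMAINS = {"detankzone.com", "ccwaterfall.com"}

# Loose host pattern: an optional scheme followed by a dotted name ending in
# an alphabetic TLD, so bare IPs, timestamps and byte counts are skipped.
_HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def refang(value: str) -> str:
    """Turn defanged notation (detankzone[.]com, hxxp://) back into a plain host."""
    value = value.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")
    return value.lower().strip(".")


def matches_ioc(host: str) -> Optional[str]:
    """Return the indicator the host matches, or None.

    A host matches only if it is the indicator itself or a subdomain of it;
    prefix lookalikes (notdetankzone.com) and suffix lookalikes
    (detankzone.com.example.net) are intentionally not matched.
    """
    h = refang(host)
    for ioc in IOC_DOMAINS:
        if h == ioc or h.endswith("." + ioc):
            return ioc
    return None


def scan_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Scan arbitrary log lines and report each line that touches an indicator."""
    hits: List[Dict[str, object]] = []
    for number, line in enumerate(lines, start=1):
        for m in _HOST_RE.finditer(line):
            ioc = matches_ioc(m.group(1))
            if ioc:
                hits.append({"line": number, "host": m.group(1).lower(),
                             "ioc": ioc, "raw": line.strip()})
                break  # one hit per line is enough for triage
    return hits


# Constructed sample log lines (BIND- and Squid-style); not from the advisory.
SAMPLE_LOG = [
    "23-Oct-2024 10:14:02.113 client 10.0.0.5#53120: query: detankzone.com IN A + (10.0.0.2)",
    "23-Oct-2024 10:14:02.410 client 10.0.0.5#53121: query: www.google.com IN A + (10.0.0.2)",
    "1729678500.123  210 10.0.0.7 TCP_MISS/200 5120 GET https://www.ccwaterfall.com/ - HIER_DIRECT/203.0.113.9 text/html",
    # Lookalikes that a plain substring search would wrongly flag:
    "23-Oct-2024 10:15:00.001 client 10.0.0.9#53122: query: notdetankzone.com IN A + (10.0.0.2)",
    "1729678600.555  180 10.0.0.7 TCP_MISS/200 2048 GET http://detankzone.com.example.net/ - HIER_DIRECT/198.51.100.4 text/html",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ioc']}")
        print(f"    {hit['raw']}")
```

Running the block flags lines 1 and 3 only. A hit on either domain after the first-seen dates in the table means a user reached the lure site, so the host should be treated as potentially compromised at the browser level (cookies, tokens and saved credentials) even if no Manuscrypt sample is found, because the exploit chain reads that data from Chrome memory before any second-stage payload.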
