DragonEx Hacked for $7 Million
Summary
On March 24, 2019, DragonEx, a Singapore-based cryptocurrency exchange, was hacked for $7 million. The attacker gained access to one of the exchange’s hot wallets, which are used to store user funds that are available for withdrawal.
Attackers
Attackers associated with Lazarus Group gained access through a sophisticated phishing attack. More about Lazarus
ETH
- DragonEx Hacker wallet: 0xa7f72Bf63EDeCa25636F0B13Ec5135296ca2eBb2
Losses
The attackers managed to steal a total of $7 million:
- 4.3 million USDT
- 2.2 million in BNB
- 300,000 USDC
Timeline
- March 24, 2022: The attacker gained access to one of the exchange’s hot wallets and began withdrawing funds.
- March 25, 2022: DragonEx became aware of the hack and suspended withdrawals.
Security Failure Causes
- Insufficient system security measures: The organization may not have had enough security measures in place to detect and prevent malware attacks. This could include not monitoring the network enough, not having intrusion detection systems, or not having enough protection against advanced malware threats.
- Lack of employee awareness and training: Human error or lack of awareness among employees could have played a role in the security failure. Employees may not have been trained enough to recognize and respond to phishing attempts, social engineering, or other attack vectors. This could have made the organization more susceptible to the initial malware infiltration.