
BitMEX, a cryptocurrency exchange and derivatives trading platform owned by HDR Global, announced that it has stopped a hacking attempt by the Lazarus Group. The Lazarus Group is a notorious crypto hacking team linked to North Korea. This group has been associated with major crypto-related hacks, including the Phemex, WazirX, Stake, and ByBit breaches. Of these, the ByBit hack, dubbed the largest hack in the history of crypto, resulted in a loss of up to $1.4 billion worth of Ethereum coins.
But despite the team’s hacking prowess, BitMEX managed to stop their recent attempt. The BitMEX team went on to analyze the hacker’s code, revealing some interesting information.
Lazarus Group’s Attempt to Hack BitMEX Stopped
Seychelles-based crypto exchange BitMEX described how it stopped an attempted hack by the formidable North Korean hacking organization. According to the May 30 X post, a Lazarus Group hacker tried to access the exchange’s data through phishing. However, the BitMEX cybersecurity team identified and stopped the attempt before any damage was done.
“Think twice before clicking that ‘Web3 collab’ link! Our security team just thwarted a Lazarus Group phishing attempt, exposing their tactics AND a major OPSEC fail,” the post by BitMEX read.
Think twice before clicking that "Web3 collab" link!
Our security team just thwarted a Lazarus Group phishing attempt, exposing their tactics AND a major OPSEC fail.
We're now on their tail, watching their screw-ups.
Stay safe, stay vigilant!
Read the full story:… pic.twitter.com/pgIBFh4ojb
— BitMEX (@BitMEX) May 30, 2025
How the Attempted Hack Turned Into a Probe Revealing Key Data
The exchange further detailed the whole incident in a blog post. At first, an employee at BitMEX received a collaboration request from a potential “NFT Marketplace.” Suspicious of the Web3 project collaboration, the employee alerted the exchange’s security team.
To gain more insight into the attempted breach, BitMEX’s security team asked the employee to pretend to fall for the trap. After some back and forth with the alleged hacker, the employee received an invite to a private GitHub repository containing code for a Next.js/React website. The attacker intended for the employee to run the code on their device.
With access to the code, the cybersecurity team analyzed it thoroughly and found malicious pieces of code. Using the Webcrack tool, the team found that the code was intended to steal credentials. Further deobfuscation led to the discovery of a list of IP addresses from previously compromised computers. The team also found previous test runs.
BitMEX also managed to identify crucial data, including the Lazarus Group hackers’ schedule. The exchange found the data in a Super database where a China-based team member had left data incriminating other members of the team and their hacking schedule.

Is BitMEX’s Exposé Enough to Stop the Hacker Group?
The Lazarus Group is notorious, but with the data revealed by BitMEX, security experts could get a step closer to understanding how the group operates. With information like the user profiles and working schedules, experts might gain a better understanding of the group’s hacking strategies.
Furthermore, the phishing strategy is a warning to other crypto exchanges, which have become the group’s prime targets, to take caution. Employees must avoid clicking unknown links and entering collaborations with unverified Web3 project owners. While the revealed information is not enough to stop the government-funded group, it could go a long way toward mitigating the group’s future hacks.