##

Recently, the North Korean hacking group Lazarus Group launched a cyberattack called “Operation 99” targeting Web3 and cryptocurrency developers. The attackers impersonated recruiters, luring developers into fake project testing and code reviews through platforms like LinkedIn. They then induced developers to clone a GitLab repository containing malicious code, which injected malware into their systems. These cross-platform malware can steal sensitive data such as passwords, API keys, and cryptocurrency wallet information. They maintain a connection through highly obfuscated command and control servers to conceal their actions. Slowmist CISO 23pds issued a warning on social media, reminding developers to be vigilant and avoid becoming targets.