The North Koreans invested great effort in creating and promoting the game that apparently drained users’ wallets.
The North Korean Lazarus Group of hackers used a fake blockchain-based game to exploit a zero-day vulnerability in Google’s Chrome browser and install spyware that stole wallet credentials. Kaspersky Labs analysts noticed the exploit in May and reported it to Google, which has fixed it.
The hacker’s play-to-earn multiplayer online battle arena game was fully playable and had been promoted on LinkedIn and X. The game was called DeTankZone or DeTankWar and used non-fungible tokens (NFTs) as tanks in a worldwide competition.
Users were infected from the website, even if they did not download the game. The hackers modeled the game on the existing DeFiTankLand.
