Tank NFT Game Actually Malware

Malicious actors in the cryptocurrency space are always coming up with new ways to scam unsuspecting individuals new to the crypto world. Their latest tactic includes creating a fake game, which, when played, would actually infect your computer with malware.

Want to learn more about this event and who is behind it? Then keep reading as we will cover what happened, who executed the attack, and how you can ensure your computer wasn’t infected.

What is the NFT Tank Game Scam?

A group of well-known North Korean hackers who call themselves ‘Lazarus’ invented a game and then promoted it as a game that players could play to earn rewards. However, there were no rewards, and once the game was downloaded, it would take advantage of a vulnerability in the Chrome browser to infect your computer with malware.

This malware would compromise the PC, and give the hackers remote access. Thus allowing them to exploit a variety of crypto wallets and more. If you were unfortunate enough to be a victim, you likely found yourself eventually locked out of the game website and short on crypto.

How Was the Scam Executed?

The hackers didn’t come up with this scam at the last minute—rather, they spent years planning it. First, they spent time using a social engineering scam to take over or hack several Twitter/X accounts. These accounts were made in 2019, which is why we are reasonably certain the scammers aren’t the original owners.

While we aren’t sure who the accounts originally belonged to, the handles the scammers were operating under were @collectspin and @DeTankZone. Many of these handles had thousands of posts, though many of the older posts were deleted. Since this scam has been discovered the handle @DeTankZone has been deleted.

The scammers posted numerous advertisements for their games all over Twitter/X and whenever someone was interested, they would ask that individual to DM them. They also asked other crypto accounts to promote their website, and many did, increasing their victim pool. Once the messaging began, they would send malicious links to their game.

The game which was linked, was actually a game, though it is suspected that the scammers stole it from someone else. Anyone who made it this far, though, was likely disappointed as the game was very basic, and functioned like it was built over 20 years ago. It was built on the Unity blockchain and was called DeFiTankLand.

Once you were in the game environment, however, this is when the malware download would begin. Because of the Maglev upgrade to the Chrome browser, there was a vulnerability in the Chrome software that the malware took advantage of as the game website loaded, spreading into the user’s PC rapidly. Google has since released a fix for this vulnerability.

No matter how long you played the game, you would never win any NFTs as promised. Of course, by the time users realized this, it was too late, and their computers and crypto were likely compromised.

Although this was an elaborate scam, the cybersecurity firm behind the investigation, KasperSky, reported that they have found few victims—though there have been some who have come forward.

Related: The 8 Best Ways to Protect Your Cryptocurrency Investment

Who is Behind the Scam?

The North Korean hacker group, known as Lazarus, are the ones behind the scam. They have made it their goal to wreak as much havoc as possible on cryptocurrency blockchains, exploiting vulnerabilities to gain crypto. Since 2017, these hackers have been responsible for numerous hacks and scams, netting over $3 billion in crypto, $600 million of that in the last 12 months.

While exact details about the group are unknown, it is suspected that it is run by the North Korean government, and it is believed they began attacking blockchains as early as 2010. A North Korean defector has been one of the best sources of information about this group, and he reports that they are known within the North Korean government as the 414 Liaison Office.

Beyond just attacking blockchains, the group also executes banking hacks, reportedly stealing millions from banks around the world since 2008. While a few members of this group are known and have warrants issued for their arrest around the world, to date, none have been caught nor incarcerated.

Related: How to Find a Safe Online Casino

What to Do if You’re a Victim

There are so many scams in the cryptocurrency space, it’s not surprising that you may have gotten drawn up into the NFT game scam. If you suspect you were a victim you need to do the following:

·      Have your computer scanned for malware

·      Report the scam to local authorities (Those in the US can click here)

·      Be more aware going forward

Unfortunately, if you lost cryptocurrency to this scam, there is no way (currently) to get it back. While some governments may offer different solutions, it is assumed at this point that your crypto is lost.

How to Protect Yourself Against Crypto Scams

As mentioned above, if you were a victim of the NFT game, it’s important that you are more aware going forward. Whether you are new to the crypto industry or have been here for several years, we advise the following:

·      Never DM someone for access to a game or website. If it’s a legit website or game you will be able to check it out via a browser without clicking on any links.

·      Don’t click on links on social media from people you don’t know.

·      If one of your social media profiles is hacked, report it to the platform immediately.

·      If one of your friend’s social media profiles is hacked, remove them as a friend as soon as you become aware.

·      Use cybersecurity software or regular malware scans to protect your computer.

As you can see,  there are many small things you can do to ensure your future security when dealing with cryptocurrency. Above all else, remember that if something sounds too good to be true, it probably is.

You May Also Enjoy: Breaking News: Indodex Hacked