Researchers at crypto exchange BitMEX on Friday said that they had uncovered several critical missteps that North Korean state-sponsored hacker group Lazarus had made during its campaigns.

Those lapses included exposed IP addresses, an accessible Supabase database, and tracking algorithms.

One finding was a rare slip-up in which a hacker likely revealed their real IP address during operations. The IP was traced to the Chinese city of Jiaxing, near Shanghai, and represents a significant lapse for the notoriously secretive group.


This story is an excerpt from the Unchained Daily newsletter.  



BitMEX’s analysis revealed an internal divide within Lazarus, with the group splintering into sub-groups with varying levels of technical skill. Lower-skilled teams focus on social engineering and phishing, while more advanced members handle sophisticated post-exploitation and code development, it found.

Since Lazarus emerged in 2007, it is estimated to have misappropriated crypto worth more than $3.4 billion.