Hackers Behind Perseus Wallet Shutdown

Another day, another cryptocurrency exchange destroyed by a hack. This time it’s Perseus, a Turkish exchange, that suddenly went offline.

As reported by CoinTelegraph earlier this month, the website was shut down on the last day of April. Visitors to the site’s homepage that day were greeted with a cryptic message stating that the exchange was shutting down due to a lack of liquidity. A few days later, the platform disappeared completely.

Unusual activity was initially detected by the cyber-security arm of a Dubai based AI start-up, Bitsquant Technologies, which had numerous users interacting with the now-defunct Perseus wallet on a daily basis. According to a source familiar with the matter, the Bitsquant team expressed concerns to Perseus representatives after noticing steady outflows of entire token balances, including one worth tens of millions of dollars, to an address identified by Etherscan as the “Perseus Liquidator.” Initially, Perseus reps dismissed the concerns as routine withdrawals, but weeks later, under mounting pressure, a company director named Burak Aksoy confirmed in a statement to local media that the outflows were indeed the result of a security breach.

In his statement, Burak explained that the exchange had been hacked, resulting in the loss of over 600 BTC for several users and technical accounts. He placed the blame on prior operators of the exchange, stating that they had left him alone to deal with the immense deficit. Burak expressed his efforts to navigate the situation and salvage the exchange, “For the last 2 months I have been doing everything with the whole team to bring us out of this stalemate. Until the last days I was hoping that this catastrophe would be avoided – for hundreds of clients and myself.”

Before concluding his statement, Burak expressed optimism, mentioning that additional service models provided by the exchange, such as Staking and Yield-Farming products, remained unaffected, ensuring the preservation of funds. He assured that the team was actively exploring strategies to mitigate user losses and requested forgiveness, patience, and the right to defend themselves.

An analysis conducted by blockchain cybersecurity firm CertiK revealed that a vulnerable private key, likely generated by Profanity—a known app for generating vanity crypto addresses—was targeted in the attack. This allowed the hacker to exploit a function associated with the private key, enabling them to modify the platform’s swap contract. Forensics attributed the hack to the Lazarus Group, a North Korean cybercriminal syndicate, based on the laundering techniques employed, which resembled previous Lazarus attacks.

Lazarus is believed to have gained control of Perseus employee login credentials, breaching the platform’s security system and deploying automated laundering programs to transfer their illicit gains. Claims of an “inside job” conspiracy were debunked by blockchain security firm BlockSec, who deemed the allegations insufficiently convincing.