North Korean hackers are escalating their efforts to infiltrate cryptocurrency companies by posing as IT professionals, a tactic that has prompted warnings from top industry executives and cybersecurity experts.
Binance co-founder Changpeng “CZ” Zhao recently cautioned that these state-sponsored operatives are applying for jobs in development, security, and finance to gain an internal foothold. In other instances, they pose as recruiters to interview a company’s current staff. During these fake interviews, they feign technical difficulties and trick employees into downloading malicious software disguised as a necessary update. Zhao also noted that hackers send malicious code samples during technical assessments, dispatch phishing links to customer support, and attempt to bribe employees and vendors for data access. “To all crypto platforms, train your employees to not download files, and screen your candidates carefully,” he advised.
These concerns are echoed by Coinbase, which reported a new wave of similar threats last month. In response, CEO Brian Armstrong announced stricter internal security protocols, including mandatory in-person training in the US for all employees. Staff with access to sensitive systems will now be required to hold US citizenship and undergo fingerprinting. “It feels like there’s 500 new people graduating every quarter, from some kind of school they have, and that’s their whole job,” Armstrong remarked on the scale of the North Korean hacking operations.
Adding concrete evidence to these warnings, a group of ethical hackers known as the Security Alliance (SEAL) has compiled and published a repository of at least 60 North Korean agents impersonating IT workers. The database details their aliases, fake credentials, contact information, and professional profiles on platforms like GitHub.
These social engineering tactics represent a significant and growing threat. In one recent case, four North Korean operatives working as freelance developers stole a cumulative $900,000 from several crypto startups. The infamous Lazarus Group, a North Korean hacking syndicate, is widely suspected to be behind some of the industry’s most damaging heists, including the record-setting $1.4 billion Bybit hack. According to data from Chainalysis, North Korean hackers stole digital assets worth over $1.34 billion across 47 separate incidents in a single year, a 102% increase from the $660 million stolen the previous year.