The FBI has warned the cryptocurrency sector that North Korean state-sponsored hackers are making increasing use of complex social engineering tactics to target employees of decentralized finance (DeFi) platforms, cryptocurrency companies, related industries, and individuals involved with cryptocurrency exchange-traded funds (ETFs). The Democratic People’s Republic of Korea has been actively deploying intricate cyberattacks aimed at infiltrating companies and stealing cryptocurrency assets. Despite stringent cybersecurity measures in place, the scale and persistence of these attacks have proven challenging even for cybersecurity experts.
These attacks rely on meticulously crafted social engineering designed to deceive employees of targeted companies. The actors conduct extensive background research on potential victims, including their social media activity and professional networking profiles, to construct individualized scenarios that appeal specifically to the victim’s background, skills, and interests. These approaches often include employment offers, corporate investments, or other seemingly legitimate opportunities. North Korean hackers establish rapport with their targets, engaging in prolonged communications to build trust and deliver malware under seemingly innocuous circumstances. They impersonate legitimate recruiters, technology firms, and known industry contacts, using stolen imagery and fake identities to add credibility to their schemes. The FBI emphasizes that these hackers are fluent in English and deeply understand the technical aspects of the cryptocurrency field, making their deceptions difficult to detect.
In recent months, the FBI has observed detailed reconnaissance by North Korean cyber actors on companies associated with cryptocurrency ETFs, indicating active preparation for malicious activities against firms managing or connected to cryptocurrency ETFs. Given North Korea’s advanced capabilities and its relentless pursuit of cryptocurrency assets, the FBI stresses the importance of remaining vigilant and implementing robust security measures to mitigate risks. The warning outlines key indicators of North Korean social engineering activity, including requests to execute code or download applications on company-owned devices, offers of high-paying jobs from reputable firms without prior discussions, and unsolicited investment opportunities. The hackers may also push for the use of non-standard software or platforms and move professional communications to less secure messaging applications, all with the aim of gaining unauthorized access to sensitive networks and financial assets.
To combat these threats, the FBI recommends a series of mitigation strategies for companies in the cryptocurrency space. In recent incidents, such as the WazirX hack that resulted in a loss of $235 million, North Korean hackers are the suspects. Investigations have also revealed that North Korean nationals are posing as job applicants to infiltrate crypto projects for malicious purposes. Reports have exposed cyberattacks by North Korean hackers targeting cryptocurrency exchanges, fintech companies, and individuals in Brazil, with the Lazarus Group allegedly laundering over $200 million worth of crypto into fiat currency between August 2020 and October 2023, establishing them as a significant cyber threat to the crypto sector.