CZ sounds alarm as ‘SEAL’ team uncovers 60 fake IT workers linked to North Korea

Timothy Wuich

North Korean Hackers Target Cryptocurrency Firms

North Korean hackers are intensifying their attempts to breach cryptocurrency companies by masquerading as IT employees, raising new security concerns for the sector. This warning comes from Binance co-founder Changpeng “CZ” Zhao and a group of ethical hackers.

On Thursday, CZ raised an alert on X regarding the escalating threat of North Korean hackers who are trying to infiltrate crypto firms through job opportunities and even by bribing exchange personnel for access to sensitive data.

“They pose as job candidates to try to get jobs in your company. This gives them a ‘foot in the door,’ specifically for employment opportunities related to development, security, and finance,” CZ stated.

Some North Korean agents give employees coding questions and later send malicious “sample code,” while others impersonate users to share harmful links with customer support. Additionally, they may “bribe your employees and outsourced vendors for data access,” Zhao explained.

“To all crypto platforms, train your employees to not download files and screen your candidates carefully,” he advised.

Concerns from Other Platforms

This alert follows similar warnings from Coinbase, which noted a new wave of threats last month.

In response, Coinbase CEO Brian Armstrong rolled out new internal security protocols, which include mandatory in-person training for all employees in the US. Workers with access to critical systems will also be required to be US citizens and undergo fingerprinting.

“We can collaborate with law enforcement […] but it feels like there are 500 new people graduating every quarter from some kind of school they have, and that’s their whole job,” Armstrong remarked during an interview on the Cheeky Pint podcast with host John Collins.

Ethical Hackers Expose North Korean Agents

Zhao’s warning was supported by a group of ethical hackers called Security Alliance (SEAL), who compiled profiles of at least 60 North Korean agents posing as IT professionals under false identities, attempting to infiltrate US crypto exchanges to obtain sensitive user information.

“North Korean developers are eager to work for your company, but it’s important not to get scammed by impostors when hiring,” said Security Alliance in a Wednesday post on X, sharing their new repository for North Korean impersonators.

This repository contains essential information on North Korean impersonators, which includes aliases, fake names, and email addresses used, as well as a list of both legitimate and fraudulent citizenships, addresses, locations, and the firms that have employed them.

Details on salaries, GitHub profiles, and all related public associations are also documented for each impersonator.

Recent Attacks and Rising Threat

In June, four North Korean operatives reportedly infiltrated several crypto companies as freelance developers and stole a total of $900,000 from these startups, showcasing the increasing danger.

The white hat SEAL team, led by ethical hacker and Paradigm researcher Samczsun, was created to counter these exploits. SEAL conducted over 900 hack-related investigations within its first year, highlighting the growing demand for ethical hackers, in August 2024.

North Korean hackers, including the notorious Lazarus Group, are the primary suspects behind some of the industry’s most devastating cryptocurrency heists, such as the $1.4 billion Bybit hack, the largest to date.

Throughout 2024, North Korean hackers stole more than $1.34 billion worth of digital assets across 47 incidents, representing a 102% increase from the $660 million taken in 2023, according to Chainalysis data.
