North Korean hackers are intensifying attempts to breach cryptocurrency firms by masquerading as IT professionals, prompting new security worries for the sector, as highlighted by Binance co-founder Changpeng “CZ” Zhao and a team of ethical hackers.
CZ raised the alarm on Thursday via X regarding the escalating threat of North Korean hackers who aim to infiltrate crypto companies by seeking employment and even offering bribes to exchange personnel for data access.
“They pose as job applicants to gain employment in your company. This provides them a ‘foot in the door,’ particularly in roles related to development, security, and finance,” said CZ.
“They act as employers and attempt to interview/offer your staff. During the interview, there will be an issue with Zoom, prompting them to send your employee a link for an ‘update,’ which contains a virus that will take over your employee’s device.”
Other North Korean operatives may give employees coding challenges to deliver malicious “sample code” later, pretend to be users sending harmful links to customer support, or even “bribe your employees, outsourced vendors for data access,” Zhao noted.
“To all crypto platforms, educate your employees to avoid downloading files, and carefully vet your candidates,” he stressed.
This warning follows similar alerts from Coinbase, which noted a new surge of threats last month.
In response, Coinbase CEO Brian Armstrong implemented new internal security protocols, including mandatory in-person training for all employees in the US, while those with access to sensitive systems will need to be US citizens and undergo fingerprinting.
“We can partner with law enforcement […] but it seems like there are 500 new graduates every quarter, from some kind of institution, and that’s their only job,” Armstrong told Cheeky Pint podcast host John Collins.
Security Alliance identifies 60 North Korean hackers impersonating IT workers
Zhao’s alert coincided with a report from a group of ethical hackers known as Security Alliance (SEAL), which compiled profiles of at least 60 North Korean agents pretending to be IT professionals with fake identities aiming to penetrate US crypto exchanges and steal sensitive user data.
“North Korean developers are keen to work for your company, but it’s crucial to avoid being duped by impostors during the hiring process,” stated Security Alliance in a Wednesday X post, sharing their new repository on North Korean impersonators.
The repository features critical data on these impersonators, including aliases, fake names and emails used, as well as real and fictitious citizenships, addresses, locations, and the number of firms that employed them.
Salary details, GitHub profiles, and all other public affiliations are also available for each impersonator.
In June, four North Korean operatives infiltrated various crypto firms as freelance developers, collectively stealing $900,000 from these startups, underscoring the growing danger, Cointelegraph reported.
The SEAL team of ethical hackers was established to counter these threats and is led by white hat hacker and Paradigm researcher Samczsun. SEAL completed over 900 hack-related inquiries within a year of its inception, highlighting the increasing demand for ethical hackers, as reported by Cointelegraph in August 2024.
North Korean hackers, including the notorious Lazarus Group, are major suspects behind some of the most significant cryptocurrency thefts, such as the $1.4 billion Bybit breach, the largest in the industry to date.
Throughout 2024, North Korean hackers stole more than $1.34 billion in digital assets across 47 incidents, marking a 102% rise from the $660 million taken in 2023, according to Chainalysis data.