North Korean hackers are intensifying their efforts to breach cryptocurrency firms by masquerading as IT professionals, raising new security alarms for the sector, according to Binance co-founder Changpeng “CZ” Zhao and a team of ethical hackers.
CZ issued a warning on Thursday via X regarding the escalating danger posed by North Korean hackers aiming to infiltrate crypto businesses through job applications and even bribing exchange personnel for confidential data.
“They pose as job seekers to attempt to gain employment within your organization. This grants them a ‘foot in the door,’ particularly related to roles in development, security, and finance,” CZ stated.
“They impersonate employers and try to interview your employees. During these interviews, they will create Zoom issues and send your employee a link to an ‘update,’ which contains malware that will compromise your employee’s device.”
Other North Korean agents provide employees with coding questions to later send malicious “sample code,” impersonate users to deliver harmful links to customer support, or even “bribe your employees and outsourced vendors for data access,” Zhao noted.
“All crypto platforms should educate their employees not to download files and rigorously evaluate their job candidates,” he added.
This alert follows similar concerns raised by Coinbase, which reported a new surge of threats last month.
In response, Coinbase CEO Brian Armstrong implemented new security protocols, including mandating all employees undergo in-person training in the US, while those with access to sensitive systems must be US citizens and undergo fingerprinting.
“We can work with law enforcement […] but it feels like there are 500 new individuals graduating every quarter from some sort of school, and that’s their entire job,” Armstrong told Cheeky Pint podcast host John Collins.
Security Alliance reveals 60 North Korean hackers posing as IT workers
Zhao’s alert coincided with a report from a group of ethical hackers known as Security Alliance (SEAL), which compiled the profiles of at least 60 North Korean agents who impersonate IT professionals under false identities, aiming to infiltrate US crypto exchanges and extract sensitive user information.
“North Korean developers are keen to join your company, but it’s essential to avoid being deceived by impostors during hiring,” Security Alliance stated in a Wednesday X post, sharing its new repository for North Korean impersonators.
The repository includes crucial details on North Korean impersonators, such as aliases, false names and emails used, as well as real and fake citizenships, addresses, locations, and the firms that have employed them.
Salary information, GitHub profiles, and all other public affiliations are also included for each impersonator.
In June, four North Korean operatives penetrated various crypto firms as freelance developers, stealing a total of $900,000 from these startups, highlighting the escalating threat, Cointelegraph reported.
The white hat SEAL team was established to counter these threats, spearheaded by white hat hacker and Paradigm researcher Samczsun. SEAL conducted over 900 hack-related investigations within a year of its inception, showcasing the increasing necessity for ethical hackers, Cointelegraph reported in August 2024.
North Korean hackers, including the notorious Lazarus Group, are the primary suspects behind some of the most catastrophic cryptocurrency thefts, including the $1.4 billion Bybit hack, the largest in the industry to date.
Throughout 2024, North Korean hackers pilfered over $1.34 billion worth of digital assets across 47 incidents, reflecting a 102% increase from the $660 million stolen in 2023, according to Chainalysis data.
