FBI Warns Of North Korean Social Engineering Attacks Targeting Crypto Firms

Hackers impersonate recruiters to steal cryptocurrency, with $3 billion stolen since 2017

The FBI has issued a warning about North Korean hacking groups ramping up targeted social engineering attacks on cryptocurrency companies and their employees, with the intent to deploy malware and steal digital assets. These highly sophisticated tactics are designed to evade detection, even by those with advanced cybersecurity expertise.

In recent months, North Korean threat actors have conducted extensive research on potential targets, particularly individuals linked to cryptocurrency exchange-traded funds (ETFs) and related financial products. The FBI suggests that these groups are preparing for attacks on companies involved in such assets.

Cryptocurrency organisations, especially those handling large quantities of crypto, are at significant risk of being breached by these state-sponsored actors aiming to steal funds. The social engineering techniques employed include impersonating known contacts or prominent figures within the cryptocurrency field and luring victims with fake job offers or investment opportunities.

“North Korean malicious cyber actors communicate with victims in fluent or near-fluent English, making them hard to distinguish from legitimate contacts,” the FBI warned. Additionally, attackers create convincing websites and use stolen images to enhance their credibility.

The FBI provided a list of indicators that may suggest North Korean social engineering activity and recommended best practices for companies to mitigate the risk of compromise.

Since the beginning of 2024, scammers have also posed as employees of cryptocurrency exchanges, fake law firms offering crypto recovery services, and even recruiters advertising fraudulent remote job opportunities.

North Korean hacking groups, including Lazarus Group, Kimsuky, and Andariel, have stolen an estimated USD 3 billion in cryptocurrency since 2017, according to Recorded Future. In 2022 alone, North Korean actors stole USD 1.7 billion, amounting to 5 per cent of the nation’s economy.

Notable heists attributed to North Korean hackers include breaches of the Harmony blockchain bridge (USD 100 million), the Nomad bridge (USD 190 million), and Axie Infinity’s Ronin network bridge, the largest crypto hack ever, which resulted in a theft of USD 620 million.
