FBI Warns of North Korean Cyberattacks on Crypto ETF Companies


Journalist

Hassan Shittu

The FBI has issued a warning to the cryptocurrency industry about North Korea’s increasing use of sophisticated social engineering tactics to target employees of decentralized finance (DeFi) platforms, cryptocurrency companies, and those involved with cryptocurrency exchange-traded funds (ETFs).

The Democratic People’s Republic of Korea (DPRK) has been aggressively deploying elaborate and highly tailored cyberattacks aimed at infiltrating companies and stealing cryptocurrency assets.

Despite advanced cybersecurity measures, the scale and persistence of these attacks have proven challenging even for those well-versed in cybersecurity.

Cryptocurrency Companies in Danger, FBI Warns

The FBI warning to companies in the cryptocurrency sector comes amid what is said to be a new wave of cyberattacks orchestrated by North Korean state-sponsored hackers.

These cybercriminals have been aggressively targeting businesses involved in decentralized finance (DeFi), cryptocurrency exchange-traded funds (ETFs), and other related industries through highly tailored and sophisticated social engineering campaigns.

These efforts aim to deploy malware and steal large quantities of cryptocurrency assets, and they worry even expert cybersecurity practitioners.

The attacks begin with pre-operational research and rely on meticulously crafted social engineering tactics designed to deceive employees of targeted companies.

According to the FBI, these actors conduct extensive background research on potential victims, including their social media activity and professional networking profiles.

Using the information they gather, they construct individualized, highly believable scenarios that appeal specifically to the victim’s background, skills, and interests.

These approaches often include employment offers, corporate investments, or other attractive, seemingly legitimate opportunities.

North Korean hackers are known to go to great lengths to establish rapport with their targets, engaging in prolonged communications to build trust and deliver malware under seemingly innocuous circumstances.

They have impersonated legitimate recruiters, technology firms, and even known contacts within the industry, using stolen imagery and fake identities to add credibility to their schemes.

The FBI also notes that these actors are fluent in English and deeply understand the technical aspects of the cryptocurrency field. The realism of their deceptions is difficult to detect.

North Korea’s Persistent Threat to the Crypto Sector

In recent months, the FBI has observed North Korean cyber actors conducting detailed reconnaissance on companies associated with cryptocurrency ETFs.

This research indicates that these actors are actively preparing for malicious activities against firms managing or connected to cryptocurrency ETFs.

Given North Korea’s advanced capabilities and relentless pursuit of cryptocurrency assets, the FBI emphasizes that companies must remain vigilant and adopt robust security measures to mitigate the risks.

The FBI’s warning outlines several key indicators of North Korean social engineering activity, which include unexpected requests to execute code or download applications on company-owned devices, offers of high-paying jobs from well-known firms without prior discussions, and unsolicited investment opportunities.

Additionally, the hackers often insist on using non-standard software or platforms, ostensibly for routine tasks, and may push to move professional communications to less secure messaging applications.

These tactics are designed to circumvent conventional security protocols and gain unauthorized access to sensitive networks and financial assets.

To counter these threats, the FBI recommends a series of mitigation strategies for companies in the cryptocurrency space. The full details are in the FBI’s warning.

Notably, the recent WazirX hack resulted in a loss of $235 million, with most suspicions pointing toward North Korean hackers.

A recent investigation also reported that fake job applicants who are North Korean nationals are applying for crypto jobs to infiltrate projects for malicious purposes.

A report in June pointed to something similar: a threat intelligence report from Google Cloud exposed a large wave of cyberattacks by North Korean hackers targeting cryptocurrency exchanges, fintech companies, and individuals in Brazil.

The North Korean Lazarus Group laundered over $200 million worth of crypto into fiat currency between August 2020 and October 2023, making it one of the biggest cyber threats to crypto.