The Federal Bureau of Investigation (FBI) issued a hacking alert on Tuesday warning that North Korea was aggressively targeting the cryptocurrency industry, using complex and elaborate schemes that render “well versed” cybersecurity experts vulnerable to attacks.
“This research included pre-operational preparations suggesting North Korean actors may attempt malicious cyber activities against companies associated with cryptocurrency ETFs or other cryptocurrency-related financial products.”
The FBI outlined multiple social engineering tactics employed by North Korean hackers. The criminals may seek to influence employees at DeFi or cryptocurrency-related businesses to secure unauthorized access to networks.
To do this, the threat actors identify prospective victims by reviewing social media activity, specifically on employment platforms.
The hackers approach targets with new employment or corporate investment offers. “The actors usually attempt to initiate prolonged conversations with prospective victims to build rapport and deliver malware in situations that may appear natural and non-alerting,” the FBI stated.
“If successful in establishing bidirectional contact, the initial actor, or another member of the actor’s team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust.”
The hackers may impersonate individuals the victim knows directly or indirectly. The impersonators pose as recruiters on professional networking websites or as certain prominent people in the tech field.
The FBI stressed that North Korea poses a “persistent threat” to organizations holding large quantities of crypto assets.
“Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”
Crypto Thefts
Hackers linked to North Korea stole at least $600 million in cryptocurrency last year, accounting for almost a third of all funds stolen via crypto hacks in 2023, according to a January report by TRM Labs. “Hacks perpetrated by the DPRK were on average ten times as damaging as those not linked to North Korea. Nearly USD 3 billion worth of crypto has been lost to Pyongyang-linked threat actors since 2017,” the report stated.
“North Korea conducts nearly all of its attacks by compromising private keys and seed phrases, which are critical security elements of digital wallets. Hackers transfer the victims’ digital assets to wallet addresses controlled by North Korean operatives.”
“We estimate that North Korea-linked hackers stole approximately $428.8 million from DeFi platforms in 2023, and also targeted centralized services ($150.0 million stolen), exchanges ($330.9 million), and wallet providers ($127.0 million).”
The White House was referring to allegations made by democratic South Korea that its contentious northern neighbor employed hackers to steal $1.2 billion in digital assets.
The United Nations is also reportedly looking into these activities.