North Korean hackers continue to devise new methods to steal cryptocurrency globally, turning these thefts into an organized and intensive campaign, according to a Reuters report.
Twenty-five experts, victims, and a company representative told Reuters that this phenomenon has become widespread. Although there are no official estimates of the losses, Chainalysis estimated North Korean thefts last year at no less than $1.34 billion. The United States and UN monitors say these funds are used to support Pyongyang’s sanctioned weapons program.
These warnings are not new. At the end of last year, the FBI issued a public statement warning that North Korea aggressively targets the cryptocurrency industry through “complex and detailed” social engineering schemes.
Carlos Yanez, Business Development Manager at Swiss company Global Ledger, was among those targeted. He told Reuters, “It happens to me all the time, and I’m sure it happens to everyone in this field,” adding that identity impersonation attempts have become more sophisticated over the past year. “It’s scary how much progress they’ve made,” he added.
The Reuters report revealed previously undisclosed details about the method used. Initially, a recruiter contacts victims via platforms like LinkedIn or Telegram, offering an attractive job opportunity in blockchain. In a message dated January 20, one recruiter contacted Victoria Peribel, claiming to represent Bitwise Asset Management: “We are currently expanding our team and looking for individuals passionate about cryptocurrency markets.”
After a brief conversation about the nature of the job, the recruiter directs the candidate to a suspicious website to take a skills test or record a video. Some candidates questioned why the interview wasn’t conducted on popular platforms like Google Meet or Zoom.
Olof Haglund, a machine learning entrepreneur, received a similar offer from someone claiming to be a recruiter at Robinhood. Haglund refused to download the code required to record the video and ended the interview, but others were less cautious.
An anonymous product manager at a US cryptocurrency company told Reuters he sent a video to a recruiter claiming to represent Ripple Labs, only to later discover $1,000 worth of Ether and Solana stolen from his digital wallet. When he searched for the recruiter’s LinkedIn account, it had completely disappeared.
SentinelOne and Validin attributed these thefts to a North Korean campaign dubbed “The Infectious Interview” by cybersecurity firm Palo Alto Networks. Researchers say they identified the hackers through IP addresses and an email linked to previous North Korean attacks.
During their investigation, researchers found records accidentally leaked by the hackers, revealing data on more than 230 people including developers, accountants, consultants, managers, marketers, and others targeted between January and March.