The FBI has issued a warning that North Korean hackers are aggressively targeting cryptocurrency exchanges, decentralized finance (DeFi) platforms, and companies tied to cryptocurrency exchange-traded funds (ETFs). The attackers use malware to steal funds, impersonating legitimate companies or individuals to gain trust and deliver malicious software.
The hackers use social engineering techniques, including fake job offers and investment opportunities, often presenting salaries or benefits that seem too good to be true. They also convince crypto employees to download malicious apps or files, or perform fake “pre-employment tests” to plant malware.
Given the sophistication of these attacks, even companies with strong cybersecurity measures may be at risk. Once stolen, crypto transactions are difficult to reverse, and hackers often use tools like mixers to hide their trail.
North Korean hackers have long been associated with significant crypto heists, including the Lazarus Group’s $622 million attack on Ronin. The FBI urges firms to strengthen verification processes, avoid downloading unknown files, and implement malware protection and two-factor authentication.