As the crypto industry continues to grow massively in adoption, North Korean operatives have escalated their infiltration tactics into the sector by exploiting job postings, a recent investigation by DL News has revealed.
Shaun Potts, founder of crypto-specific recruiting firm Plexus, noted:
It’s an operational hazard for the industry. It’s an ongoing thing, in the same way that hacking is a thing within tech. You can’t stop it, but you can minimise its risks.
A Closer Look At The Method
Cybersecurity experts said North Korean hackers use social engineering to target cryptocurrency companies. Security expert Taylor Monahan explained how these ‘nefarious’ hackers trick employees into “unwittingly” allowing them access to the company’s private data.
According to Monahan, the attackers usually approach potential victims on social networks or specialized messaging apps, offering fake jobs or impairments to technical support requests.
After that communication is established, they convince employees to download files filled with malicious software in the name of a “skills test” or resolve a software bug, leading to catastrophic data breaches.
For example, one long-time fave method:
– Contact employee via social/messaging app
– Direct them to a Github for a job offer, “skills test,” or to help with a bug
– Rekt individual’s device
– Gain entry to company’s AWS
– Rekt company (and their users)https://t.co/nVZ9tVJgKH pic.twitter.com/NJPSJEH1kF— Tay (@tayvano_) July 8, 2024
Talking about how individuals could avoid falling for this scam, Monahan, in a recent post on X, advised:
Instead of thinking you’re invincible: Eliminate single points of failure Use hardware wallets / hardware MFA Don’t run/build code from strangers Use diff devices for talking vs accessing crypto Don’t judge Learn from other’s mistakes Educate those around you STAY SKEPTICAL!
Broader Implications And Global Impact
Notably, this trend of job posting hacks appears to be an alarming scheme extending well beyond crypto borders.
According to the DL News report, the United Nations Security Council has quoted the involvement of over four thousand North Korean nationals working under “bogus credentials” in different Western tech firms for channeling more than $600 million to their home country every year.
A notable case study for the potential attractiveness of hunting grounds lies in the partially anonymous crypto sector, where it is hard to fish out identity verifications within such digital transactions and job applications.
The damage caused by these breaches is extensive, as losses from crypto hacks associated with North Korean actors have already exceeded $3 billion. The cashing out the funds exploited from the respective hacks is quite intriguing.
A recent Chainalysis report revealed increased traditional money launderers using cryptocurrency for on-chain money transfers, differentiating from typical on-chain crypto crimes.
According to the report, nearly 80% of illicit funds are transferred through intermediary wallets, with other methods including mixers, privacy coins, and cross-chain protocols.
Featured image created with DALL-E, Chart from Tradingview