North Korean hackers are after the blockchain and crypto sectors, the US government warns


The US government released an advisory to warn the public about the elevated risk of state-sponsored cyberattacks on the blockchain and crypto industries, led by North Korea-affiliated hackers.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) issued a joint statement about the tactics used by state-led cybercriminals. The statement highlights North Korean Lazarus Group, APT38, BlueNoroff, and Stardust Chollima as the biggest threats.

Targets within the blockchain and crypto industries include institutional organizations, private entities, and even individual cryptocurrency and NFT owners.


“The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs),” the advisory reads.

The U.S. government observed a group of North Korean hackers utilizing similar tactics to the Lazarus Group, which has previously targeted the defense industry of Israel, banks, and crypto exchanges. Additionally, the warning identified intrusions through a large number of spearphishing messages known as “TraderTraitor.” In the attack, a series of messages is sent to employees of cryptocurrency companies in a fake recruitment effort, encouraging the recipients to download malware-laced cryptocurrency applications.

Last week, the State Department offered a $5 million reward for information on threat actors financially linked to North Korea's WMD and ballistic missile programs. This includes IT workers participating in cyber intrusions, DDoS attacks, digital currency and data theft, as well as network exploitation and extortion on behalf of North Korea. The aim is to disrupt the chain of financial sponsorship and funding used for illicit activities.

“The Department is also authorized to offer rewards of up to $5 million for information leading to the identification of any individual who, at the direction of or under control of the North Korean government, aids or abets a violation of the Computer Fraud and Abuse Act,” says the statement by Rewards for Justice, which offers rewards for information on terrorism, interference in US elections, and other cyber activities aimed at disrupting local operations.