U.S. Government Issues Alert on Malicious North Korean Crypto Activity

The United States government has released a cybersecurity advisory on North Korean state-sponsored activity in the crypto space.

By Scott Chipolina

The FBI, the U.S. Treasury Department, and Cybersecurity and Infrastructure Security Agency (CISA) have co-released a cybersecurity advisory on North Korean state-sponsored efforts targeting the blockchain and cryptocurrency industry. 

“The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry,” the report reads. 

The report specifically cites several target areas of the industry, including exchanges, decentralized finance (DeFi) protocols, venture capital funds, and individual holders of large amounts of crypto-related assets such as tokens or non-fungible tokens (NFTs). 

The alert also includes several mitigation strategies designed to stimy the activity led by these cyber actors.

Lazarus Group targets crypto

In the report, the U.S. government identifies a group of state-sponsored actors using tactics similar to Lazarus Group, a previously identified and infamous North Korean hacker organization. 

These tactics include uploading malware software on victims’ applications to facilitate the theft of crypto holdings. 

“As of April 2022, North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearfishing campaigns and malware to steal cryptocurrency,” the report reads. 

The advisory also references a strategy dubbed “TraderTraitor,” where intrusions begin with specific spearphishing messages sent to employees in crypto companies, often those working in IT or software development. 

These messages often mimic recruitment strategies, offering high-paying jobs to entice victims to download the malware. 

North Korean crypto ambitions

This is not the first time North Korea has been associated with illicit crypto activity. 

Last year, the United Nations released a report that found North Korea’s nuclear and ballistic missiles programs were part-financed by cryptocurrencies. 

Elsewhere, blockchain analytics platform Chainalysis found North Korean hackers stole almost $400 million in Bitcoin and Ethereum in 2021. 

The U.S. treasury recently connected North Korean hackers to the $622 million Axie Infinity exploit that targeted the cryptocurrency video game’s Ethereum sidechain, the Ronin network.