North Korean hackers said to target crypto startups in months-long cybercrime campaign

A Thursday report from the Russian cybersecurity firm Kaspersky Labs identified North Korean hackers behind sophisticated phishing and social engineering attacks targeting cryptocurrency startups.

Kaspersky internally identified the North Korean hackers as BlueNoroff, who have stolen over $1.1 billion from financial institutions worldwide, according to the US Treasury Department. BlueNoroff is believed to be a part of Lazarus, a larger group of cybercriminals seeking to finance the North Korean government hindered by international sanctions.

One scheme Kaspersky observed was BlueNoroff targeting successful crypto startups for social engineering and phishing attacks — identifying key people and conversations within the company to facilitate the attack. 


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Another scheme involved BlueNoroff impersonating a person in the top management of Digital Currency Group (DCG), the crypto-focused firm that owns Grayscale Investments and media publication CoinDesk. BlueNoroff sent an email impersonating the DCG personnel to someone in the crypto startup in hopes that the target would click on an infected link, Kaspersky wrote in the report.

In addition to DCG, the hackers abused the names of 14 other companies in targeted phishing attacks. 

North Korean hackers stole nearly $400 million worth of digital assets alone in 2021 — an increase in 40% compared to the year prior, according to a report from the blockchain analytics firm Chainalysis

About Author

MK Manoylov has been a reporter for The Block since 2020 — joining just before bitcoin surpassed $20,000 for the first time. Since then, MK has written nearly 1,000 articles for the publication, covering any and all crypto news but with a penchant toward NFT, metaverse, web3 gaming, funding, crime, hack and crypto ecosystem stories. MK holds a graduate degree from New York University's Science, Health and Environmental Reporting Program (SHERP) and has also covered health topics for WebMD and Insider. You can follow MK on X @MManoylov and on LinkedIn.