US government warns that North Korea is targeting crypto firms

Quick Take

  • The US government has publicly cautioned crypto firms to be wary of North Korean hackers.

  • An alert posted on the website of the Cybersecurity and Infrastructure Security Agency (CISA) stated that hacking groups are using a variety of techniques to steal crypto assets.

On Monday, three major US government entities issued a joint alert on cyber threats faced by companies working in the blockchain and cryptocurrency sector. These entities were the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department.

The public announcement, referred to as a ‘cybersecurity advisory’, was posted on CISA’s official website. CISA is a federal agency under the US Department of Homeland Security tasked with improving the country's cybersecurity, and it routinely puts out alerts regarding threats.

The alert said the US government has observed that hacking groups, believed to be sponsored by the North Korean regime, are targeting crypto companies. The groups mentioned in the report — Lazarus Group, APT38, BlueNoroff, and Stardust Chollima — present what’s dubbed an advanced persistent threat (APT): a threat actor that can gain unauthorized access to computer systems and remain undetected for long periods.

Per the announcement, crypto exchanges, decentralized finance protocols, play-to-earn games, venture capital firms and trading firms are being targeted by hackers to steal and launder crypto assets that will support the North Korean regime. Furthermore, the alert added that large individual investors are also at risk of being attacked.

Moreover, it explained that hacking groups have been actively trying to steal crypto assets from various crypto companies using a variety of techniques. These include phishing campaigns and social engineering, with the goal of deploying malicious applications containing Trojan malware. These malicious applications have been dubbed "TraderTraitor" and infect computer systems in an attempt to steal assets stored in crypto wallets, the alert said. The applications are typically delivered through phishing emails that lure employees at crypto firms with high-paying job offers.

The latest announcement stressed that crypto firms need to guard against cyber threats and use strategies to mitigate them. It listed mitigation procedures such as patching software, employing multi-factor authentication (MFA) and educating employees on phishing attacks.

The groups mentioned in the alert have already stolen large sums from cryptocurrency-related projects. Last week, the US government named Lazarus as the main perpetrator behind the $600 million hack on Ronin — the blockchain used for the play-to-earn game Axie Infinity. But the group has been stealing from crypto players for some years now. In a January 2022 report, blockchain analytics firm Chainalysis noted that Lazarus Group was involved in a hack against the KuCoin crypto exchange in 2020 and another undisclosed exchange in 2018. The two attacks netted Lazarus more than $500 million in total.

The alert matches observations from prominent crypto individuals. DeFiance Capital's Arthur Cheong posted a tweet thread on April 15 about this issue. He said, "Based on our research and conversation with leading cyber security experts, we believe BlueNorOff are running an organized campaign to target all the prominent organizations in the crypto space."

"It is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cyber crime organization that is extremely resourceful and sophisticated," he added.

Cheong recently fell victim to a phishing attack, losing $1.7 million in NFTs and crypto from his own wallet. In addition, the firm lost a further $720,000 from a separate wallet due to the same attack and narrowly avoided losing $13.3 million more.

© 2023 The Block. All Rights Reserved.