FBI says North Korean hackers are 'aggressively targeting' crypto employees

Quick Take
- North Korean hackers are using “complex and elaborate” social engineering strategies on web3 employees to steal company crypto.
- Such tactics can be hard to spot and can dupe even individuals with high technical knowledge.
- To avoid such threats, the FBI recommends firms eschew storing crypto wallet information on internet-connected devices and create safe systems to verify company individuals.


The United States Federal Bureau of Investigation (FBI) noted that North Korean cybercriminals are "aggressively targeting" employees in the web3 industry to steal crypto funds.
North Korean actors deploy sophisticated social engineering strategies to deceive individuals at cryptocurrency and decentralized finance (DeFi) firms to "compromise networks connected to cryptocurrency assets," the FBI wrote in a Tuesday release. Such schemes pose a "persistent threat" to entities holding large amounts of cryptocurrency or related products.
"North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months," the FBI continued. "This research included pre-operational preparations suggesting North Korean actors may attempt malicious cyber activities against companies associated with cryptocurrency ETFs or other cryptocurrency-related financial products."
In addition to researching potential targets, North Korean cybercriminals have impersonated notable members within an employee's company or fabricated fake scenarios — tailored to the victim's background, skills or business interests — to gain and exploit their trust.
Other tactics include having the victim download an application on a device connected to the web3 company's network, requesting the use of non-standard software for simple tasks such as video conferencing, or having the victim complete a debugging exercise involving malicious code packages.
To avoid such threats, the FBI recommends that firms eschew storing crypto wallet information on internet-connected devices, refrain from running debugging exercises on company computers and create systems to verify individuals via a separate communications platform.
The Block previously reported that North Korean hackers used fake job postings to access sensitive information at cryptocurrency firms and that North Korean cybercriminals are responsible for a total of $3 billion worth of crypto asset losses as of July 2024.