Fake Job Offers, Real Thefts: North Korea’s New Crypto Scam Tactic

A new report has revealed North Korean hackers are posing as recruiters, luring in applicants with fake job offers to rob them of their crypto funds. North Korean Hackers Are Masquerading As Recruiters To Steal Crypto According to a report from Reuters , research, raw data, and interviews have shed light on the latest playbook that North Korean hackers are using to pull off crypto heists. Hacking groups tied to North Korea are notorious in the space, having been blamed for several high-profile attacks. In 2024 alone, they made away with $1.34 billion in digital assets, as per Chainalysis data. Some of the major examples in that year included a $305 million hack on Japanese crypto exchange DMM and a $235 million attack on Indian digital assets platform WazirX . The largest of them all, however, occurred this year, involving Bybit , the exchange second only to Binance in trading volume. Malicious players related to North Korea stole a whopping $1.5 billion from the platform. Bybit has been able to recover a portion of the funds, but the majority of the stolen tokens have already become untraceable. Hackers exploited vulnerabilities in the platform’s wallet system to pull off the heist. But attackers tied to Pyongyang aren’t solely relying on large-scale exchange exploits. Research unveils they are also employing a more subtle tactic to steal digital assets: by masquerading as recruiters. The scam involves malicious actors reaching out over platforms like LinkedIn and Telegram and advertising a blockchain-related job for well-known firms like Ripple, Bitwise, and Robinhood. Then, the recruiter would ask applicants to take a skills test on an obscure website and record a video. Some prospects would get suspicious at this stage and back off, but those who didn’t would end up getting funds stolen from their crypto wallets kept on the device. Reuters notes: SentinelOne and Validin attribute the thefts to a North Korean operation previously dubbed “Contagious Interview”, opens new tab by cybersecurity company Palo Alto Networks. The researchers tracking the campaign concluded that the North Koreans were behind it based on several factors, including their use of internet protocol addresses and emails linked to previous North Korean hacking activity. In January, the governments of Japan, the US, and South Korea came together to release a joint statement regarding the North Korean crypto thefts. The statement warned that Pyongyang’s cyber program poses a serious threat to the international financial system, with the stolen funds believed to be funneled into its weapons of mass destruction and ballistic missiles program. Bitcoin Price Bitcoin recovered above $112,000 earlier, but the coin has now come back down to the $110,100 mark. This price drop during the past day has accompanied $43 million in derivatives market liquidations, according to data from CoinGlass .