North Korea is ramping up efforts to hack America’s Bitcoin ETFs. The FBI is warning that North Korean hackers are using slick, hard-to-detect tricks to get inside crypto companies.
The hackers start with detailed research. They look into specific DeFi and crypto businesses and pick out employees to target. They gather information from social media and job sites, learning everything they can about their targets.
With that, they create fake scenarios tailored to the victim. It might be a new job offer or some sort of investment opportunity. They use details about the victim’s job, skills, or hobbies to make these offers seem real.
The idea is to build trust. The hackers chat with the victims, usually over a long period, and gain their confidence. Then they trick them into downloading malware or clicking on a malicious link.
This gives the hackers access to the company’s network. They are good at this game. They speak fluent English and know their way around crypto.
Impersonation is another favorite trick, according to the FBI. Hackers pretend to be someone the victim might know, like a recruiter or a tech executive. They use stolen photos and fake profiles to make their impersonations look real.
Sometimes, they even set up fake websites for non-existent companies. In October 2023, the Department of Justice seized 17 domains set up by North Korea to impersonate real businesses.
The FBI has laid out several steps to protect against these attacks. First, always verify a contact’s identity through multiple channels. Don’t store cryptocurrency wallet information on devices connected to the internet.
If you must run any code for a pre-employment test, use a virtual machine that is not linked to your company’s network.
Require multiple levels of authentication for any transfer of financial assets and regularly check your network for vulnerabilities.
If you think your company has been targeted by these hackers, the FBI suggests taking immediate action. Disconnect any affected devices from the internet, but keep them powered on to preserve evidence.
Report the incident to the FBI’s Internet Crime Complaint Center. Provide as much detail as possible, like screenshots and any info about the hackers.
The FBI also recommends consulting with law enforcement or private incident response teams for further investigation and cleanup.