North Korean hackers are now disguising themselves as employees of crypto startups and have pulled off several heists in the last few months.

In the last six months, these exploits have increased, hitting both crypto projects and users' wallets. On-chain investigator ZachXBT pointed out that some of the North Korean hackers were rather reckless about their anonymity: they even linked their wallet activity to human-readable, recognizable ENS names.

Example 2: Four other DPRK IT workers who were on the Munchables team and involved in the $62.5M hack https://t.co/NqoHZwiSkT

— ZachXBT (@zachxbt) July 15, 2024

One significant incident involved the Munchables game team. In March 2024, the game suffered a hack that resulted in a loss of $62M to $64M in ETH. The hacker later returned the funds. This incident highlighted the growing threat of insider attacks within the crypto industry.

High-Profile Incidents and Emerging Attack Vectors

Apart from insider threats, other threats to these systems have evolved over time. Lately, flash loan attacks against protocols have become more frequent. Minterest experienced a $1.4M flash loan exploit, while Dough Finance lost $1.9M. The stolen Minterest funds were transferred to the Tornado Cash mixer, which makes them almost impossible to recover.

Furthermore, the websites of multiple large Web3 protocols were attacked. Attackers replaced the sites' URLs with ones that served wallet drainers. Curve Finance was among the affected sites, though the issue was quickly resolved. These incidents highlight the need for caution with any Web3 link one comes across.

Laundering patterns point to the involvement of Lazarus, a notorious hacking group. Some stolen funds are mixed and sent to small non-KYC exchanges. A recent hack traced funds to the Huione Guarantee market, a hub frequently used by Lazarus hackers.

Governance attacks have also become a significant concern for DeFi projects. North Korean hackers have been linked to multiple governance attacks. These attacks are particularly damaging as they can redistribute liquidity and control. The DAO model, which ties voting to fund distribution, has been exploited numerous times.

TrueFi DAO is currently working to ensure fair governance while raising concerns about potential malicious governance. Dark DAOs, which can afford to buy voting rights, pose a substantial threat. They gain voting rights through regular Web3 activities, such as liquid staking.

In some cases, DAOs hold votes to distribute significant treasuries. Imposters who have built up a stake can vote and gain control of large parts of these treasuries. Most DAOs rely on smart contracts to automate the process, which makes it susceptible to exploitation.

ZachXBT noted that some North Korean hackers were easily identified in DAO attacks. They often failed to use various veiling technologies for vote-buying. This lack of caution has led to the exposure of their activities.

Connections to Huione Guarantee Market

Connections to the Huione Guarantee market have cast suspicion on wallets and projects alike. Such a connection can lead to blacklisting, as recently happened to a Tether (USDT) wallet on the TRON blockchain. Huione Guarantee is a P2P trading platform offering credit warranty and escrow services. While presenting itself as an innocent exchange platform, it has allegedly enabled individual scams and the laundering of stolen cryptocurrencies.

The products sold through Huione Guarantee resemble the abuse and hacking tooling found on Telegram. Vendors provide software and tools for targeted phishing and use USDT for large-value transfers. These transactions are routed through small online stores, which makes them hard to link back to their source.

ZachXBT’s research revealed a new list of addresses tied to Huione Guarantee usage. This finding further underscores the need for vigilance in the crypto community. The involvement of North Korean hackers poses a persistent threat to the integrity and security of crypto projects.

The post North Korean Hackers Pose as Employees to Infiltrate Crypto Startups appeared first on Coinfomania.