Recent on-chain investigations have uncovered a disturbing trend: North Korean hackers infiltrating cryptocurrency startups by securing positions within these companies. 

Over the past six months, these internal threats have contributed to significant security breaches affecting individual wallets and entire projects.

Rising crypto insider threats

Cryptocurrency projects are facing increased risks from insider threats, as evidenced by recent exploits. Notably, the Munchables game team suffered a hack in March 2024, resulting in a loss of approximately $63 million in Ethereum (ETH). Fortunately, this amount was later recovered. 

According to on-chain investigator ZachXBT, these North Korean hackers have occasionally failed to obscure their identities, linking their malicious activities directly to recognizable and human-readable Ethereum Name Service (ENS) names.

This breach is part of a broader pattern of attacks that continues to shake the foundation of trust in Web3 technologies. Various projects have been compromised through different means, including volunteer developers and tainted code builds. Recent incidents also highlighted vulnerabilities to flash loan attacks, with Minterest and Dough Finance losing $1.4 million and $1.9 million, respectively. After the Minterest breach, the stolen funds were quickly transferred to the Tornado Cash mixer, complicating recovery efforts.

Web3 protocols under siege

The security challenges extend beyond internal exploits to include external attacks on Web3 protocol websites. Several significant platforms have had their websites compromised, redirecting users to malicious sites that drain cryptocurrency wallets.

Curve Finance was affected, although it has regained control of its website. This ongoing issue underlines the need for heightened vigilance when interacting with Web3 links.

Further investigation points to the involvement of the notorious Lazarus group, a collective that has a pattern of laundering funds through small, non-KYC-compliant exchanges. This method was evident in a recent incident in which hacked funds were traced to the Huione Guarantee market, a platform frequently utilized by Lazarus for its escrow services and noted for facilitating personal scams.

Governance attacks threaten DAO stability

Governance attacks pose another significant risk, especially for decentralized autonomous organizations (DAOs), where liquidity and voting power are at stake. Some North Korean hackers have been identified as perpetrators of such attacks, exploiting the DAO model that links voting rights to fund distribution. These attacks have raised concerns within communities like the TrueFi DAO, which are striving to maintain fair governance amid these threats.

Example 2: Four other DPRK IT workers who were on the Munchables team and involved in the $62.5M hack https://t.co/NqoHZwiSkT

— ZachXBT (@zachxbt) July 15, 2024

ZachXBT’s research has also uncovered that these hackers often neglect to use advanced obfuscation techniques during their governance attacks, making their activities more traceable. This negligence provides critical insights into preventing future breaches and underscores the DAO frameworks’ ongoing vulnerabilities.

As the cryptocurrency landscape evolves, insider threats and sophisticated governance attacks highlight the need for robust security measures and continuous vigilance. Organizations must proactively enhance their defensive strategies to safeguard against internal and external threats. This approach is vital in maintaining the integrity and trust necessary for the sustained growth of the Web3 ecosystem.

The post North Korean Hackers Infiltrate Crypto Projects by Posing as Employees first appeared on Coinfea.