**North Korea-Linked Job Recruitment Scam Exposed: Fireblocks CEO Speaks Out**

Digital asset infrastructure company Fireblocks has made a shocking discovery: a North Korea-linked job recruitment impersonation scam that targeted digital assets through LinkedIn profiles. The firm's investigation revealed that hackers used fake job interviews to compromise developers and gain access to crypto infrastructure.

According to Michael Shaulov, CEO of Fireblocks, the hackers closely mimicked a legitimate Fireblocks hiring process by impersonating recruiters, conducting Google Meet interviews, and sharing take-home assignments via GitHub. "What they're basically doing is that they are weaponizing a legit interview... to create a very legit and authentic interaction with candidates," Shaulov explained in an interview with CNBC.

When unsuspecting candidates ran what appeared to be routine installations, malware was installed, which could expose wallets, keys, and production systems. The hackers were targeting engineers based on their LinkedIn profiles, looking for individuals with "privileged access." Fireblocks identified almost a dozen fake profiles that were continuously changing company brands, suggesting the scam had been active for several years.

Shaulov revealed that his team was able to interact with the hackers and collect what they call "indication of compromise," essentially fingerprints of the tools and malware used in the campaign. Fireblocks worked closely with LinkedIn and law enforcement to get the fake profiles taken down, he added.

**LinkedIn's Response**

A LinkedIn spokesperson stated that over 99% of fake accounts removed are detected proactively before anyone reports them. The social media platform for professionals is constantly investing in technology to detect "harmful behavior" and has guardrail procedures in place, including in-message warnings when chats move off the platform and verification badges for recruiters.

**The Lazarus Group's History of Crypto Attacks**

Last year, Bybit experienced the largest crypto heist in history when hackers stole $1.5 billion in digital assets from the cryptocurrency exchange. Analysts at blockchain analysis firm Elliptic linked the attack to North Korea's Lazarus Group, a state-sponsored hacking collective notorious for siphoning billions of dollars from the crypto industry.

The Lazarus Group's history of targeting crypto platforms dates back to 2017, when they infiltrated four South Korean exchanges and stole $200 million worth of bitcoin. Shaulov, who helped investigate Lazarus Group's 2017 attacks on crypto platforms, said hackers tied to North Korea have been evolving at "light speed."

"In 2017 and 2018, it was actually quite easy to identify them because of grammar mistakes and typos," he explained. "But now, it looks like they graduated from [The University of] Oxford." Shaulov attributed the group's increasing sophistication to their use of AI-powered tools, making them much harder to detect.

**The Growing Threat**

As the crypto industry continues to grow, so does the threat of sophisticated hacking groups like Lazarus. Shaulov emphasized that it is crucial for companies and individuals to be vigilant and aware of these emerging threats. "It's clear that the attackers have become way more sophisticated and way harder to detect because of AI," he concluded.