# Crypto Companies Under ‘Scary’ Attack by North Korean Hackers

The cryptocurrency industry is under constant attack by North Korean hackers, who have become highly proficient at tricking crypto owners and blockchain technicians into giving up valuable information with elaborate "social engineering" schemes.

Social engineering is a broad term for the methods hackers employ to lure their victims into downloading malware, or disclosing crucial information like their user names and login credentials. Major computer networks have become fairly resistant to "brute-force" hacking, so intruders find it necessary to steal legitimate user names and passwords from unwitting victims, or trick them into installing virus programs on their computers.

Most of the headline-grabbing cybercrimes of recent years have involved some form or social engineering, such as the ubiquitous "phishing" technique, which tricks victims into responding to realistic-looking emails or downloading virus-laced attachments. Reuters recently interviewed 25 cryptocurrency experts, corporate representatives, and victims of cybercrime who warned that North Korean hackers have grown relentless in their efforts to steal digital currency.

The attacks have grown significantly more sophisticated and effective over the past year. "It happens to me all the time and I'm sure it happens to everybody in this space," said Carlos Yanez, a business development executive at blockchain analytics firm Global Ledger. "It's scary how far they've come."

The FBI posted an alert on Wednesday warning that North Korea is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance cryptocurrency and similar businesses to deploy malware and steal company cryptocurrency.

"North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months," the FBI warned. "This research included pre-operational preparations suggesting North Korean actors may attempt malicious cyber activities against companies associated with cryptocurrency ETFs or other cryptocurrency-related financial product."

The FBI said teams of North Korean "malicious cyber actors" scout dozens of employees at targeted crypto companies, reviewing their social media activity, particularly on professional networking or employment-related platforms. This research enables the hackers to incorporate personal details regarding an intended victim's background, skills, employment, or business interests into tailored social engineering attacks.

The hackers often use realistic imagery and time-sensitive events harvested from publicly available resources online to make their scams look realistic. Victims are approached with carefully-tailored messages on platforms like LinkedIn or Telegram from phony "recruiters" claiming to represent major firms looking to expand their teams.

"We're seeing a lot of fake recruiting websites that claim to be affiliated with reputable companies," said Nick Percoco, chief security officer at Kraken. "These scams often involve asking job seekers to complete skills tests on suspicious websites or upload introductory videos of themselves."

The FBI pointed to a list of 17 North Korean domains seized by the Department of Justice (DoJ) in 2023 for examples of how convincing the fake recruiting websites can be. The hackers convincingly pretend to be real people whose identities can be confirmed with a bit of online research.

Victims are approached with offers of lucrative compensation, which they are tricked into taking after completing a fake skills test on a suspicious website and uploading an introductory video of themselves. Some crypto techs told Reuters that this stage of the "recruiting" process made them suspicious because shadow websites from obscure domains were used for the "skills tests" or to expedite the process of hiring.

Furthermore, there is no good reason to download a special program to record a video in 2025 when so many well-established and secure video messaging platforms are available. Unfortunately, some cryptocurrency workers who spoke to Reuters admitted they went ahead with the process, believing they were being headhunted by reputable recruiters for top-shelf firms.

They soon found thousands of dollars of cryptocurrency had vanished from their digital wallets, or their systems had been raided for contact information that could be used in future social engineering attacks. Fake recruiting scams have become such a problem in the industry that some big online finance companies, like Robinhood and Kraken, have issued warnings about fraudulent recruiters and asked for outsiders to report impersonators.

The FBI advised job seekers to be on the lookout for unusual "pre-employment test" requirements, unrealistic compensation offers, and insistence on using non-standard or custom software to complete simple tasks as warning signs of a scam.