FBI Warns North Korean Hackers Are Targeting Blockchain Companies

"Intrusions begin with a large number of spear-phishing messages sent to employees of cryptocurrency companies."
Adam Rowe

The Federal Bureau of Investigation (FBI), the Treasury Department, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have all issued the same warning: A new collection of cyber attacks is underway, all aimed at blockchain-oriented companies.

These attacks on those in the Web3.0 industry use a trojanized application dubbed “TraderTraitor,” and are tied to the North Korean state-sponsored Lazarus Group.

According to the joint Cybersecurity Advisory, the attacks go back as far as 2020. Here's what you need to know.

Are You a TraderTraitor Target?

The list of targets is long, and covers pretty much every major type of entity operating in cryptocurrency:

  • Cryptocurrency exchanges
  • Decentralized finance (DeFi) protocols
  • Play-to-earn cryptocurrency video games
  • Cryptocurrency trading companies
  • Venture capital funds investing in cryptocurrency
  • Individual holders of large amounts of cryptocurrency or valuable NFTs

The joint Cybersecurity Advisory specifically calls out only those holding “valuable” NFTs, so most NFT holders should remain safe. Still, any businesses on the blockchain should be watching out.

How to Stay Safe

The most important thing to know? Social engineering is a major issue that potential targets should stay aware of. Hackers might use a wide range of communication services to trick individuals at these companies into downloading trojans onto both Windows and macOS operating systems.

“Intrusions begin with a large number of spear-phishing messages sent to employees of cryptocurrency companies,” according to the advisory. “The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications.”

The TraderTraitor-using hacking group's MO is to take their time. As the advisory puts it:

“The cyber actors then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps. These activities enable additional follow-on activities that initiate fraudulent blockchain transactions.”

This isn't out of the blue: 75% of cyberattacks start with a phishing email, according to last month's Trend Micro Annual Report. Hackers know that the human element is the weakest link in a company with otherwise stellar security, so they try to trick people out of login codes first.

The Cybersecurity Job Never Ends

When it comes to these attacks specifically, employees at blockchain companies should know to keep their eye out for any recruitment emails that seem too good to be true.

Other phishing attacks might include emails impersonating bosses or staying just vague enough to seem legitimate — Russian hacking attempts are also predicted to be on the rise, so state-sponsored threats aren't limited to North Korea.

Keeping watch for misspellings or poorly mimicked letterheads in any new emails is a job easier said than done, however. Phishing is effective because it's so difficult to keep one's guard up 24/7. We'd recommend a strong password management tool, since these tools often flag sketchy websites and can protect those who may not be operating at peak capacity — LastPass and 1Password remain our top picks.


Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
