The Federal Bureau of Investigation (FBI), the Treasury Department, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are issuing the same warning: an ongoing campaign of cyber attacks is targeting blockchain-oriented companies.
These attacks on the Web3.0 industry use a family of trojanized cryptocurrency applications dubbed "TraderTraitor," and are attributed to the North Korean state-sponsored Lazarus Group.
According to the joint Cybersecurity Advisory, the activity dates back to at least 2020. Here's what you need to know.
Are You a TraderTraitor Target?
The list of targets is long, and covers pretty much every major type of entity operating in cryptocurrency:
- Cryptocurrency exchanges
- Decentralized finance (DeFi) protocols
- Play-to-earn cryptocurrency video games
- Cryptocurrency trading companies
- Venture capital funds investing in cryptocurrency
- Individual holders of large amounts of cryptocurrency or valuable NFTs
The joint Cybersecurity Advisory singles out individuals holding large balances or "valuable" NFTs, so high-value accounts are the priority targets and small holders are less likely to be singled out. That is a statement about priorities, not a guarantee of safety: any business operating on a blockchain should be watching out.
How to Stay Safe
The most important thing to know? Social engineering is the entry point, and potential targets should treat it as the main risk. The attackers use a variety of communication platforms to persuade employees at these companies to download trojanized applications, with versions built for both Windows and macOS.
“Intrusions begin with a large number of spear-phishing messages sent to employees of cryptocurrency companies,” according to the advisory. “The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications.”
The group behind TraderTraitor plays a long game: the trojanized application is only the first foothold. As the advisory puts it:
“The cyber actors then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps. These activities enable additional follow-on activities that initiate fraudulent blockchain transactions.”
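The lure the advisory describes has a recognizable shape: a recruitment-themed message from an outside sender that links to a Windows or macOS installer branded as a trading application. The following is an added example, not code from the advisory or from this article, of a small mail-triage heuristic that scores messages for that combination. The trusted domain, sender addresses, subjects and URLs are all constructed for illustration, and the point weights are an assumption chosen so that the full pattern outscores any single weak signal.

```python
# Added example, not part of the advisory or this article: a small mail-triage
# heuristic for the lure pattern described above (recruitment-themed message
# from an outside sender that links to a Windows/macOS installer for a
# "trading" application). Domains, addresses and messages are constructed.
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

INSTALLER_EXTS = (".dmg", ".pkg", ".exe", ".msi", ".zip")
RECRUITING = re.compile(r"\b(job|offer|position|recruit\w*|hiring|salary|career)\b", re.I)
CRYPTO_APP = re.compile(r"\b(trading|trader|wallet|exchange|defi|crypto)\b", re.I)


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    urls: list = field(default_factory=list)


def sender_domain(addr):
    """Bare domain of an address written as 'user@host' or 'Name <user@host>'."""
    return addr.rstrip(">").rsplit("@", 1)[-1].lower()


def score_message(msg, trusted_domains):
    """Return (score, reasons). Weights are an assumption: the full lure
    (external sender + job pitch + crypto-branded installer) scores 6."""
    score, reasons = 0, []
    dom = sender_domain(msg.sender)
    if dom not in trusted_domains:
        score += 1
        reasons.append("external sender " + dom)
    if RECRUITING.search(msg.subject + "\n" + msg.body):
        score += 1
        reasons.append("recruitment wording")
    for url in msg.urls:
        parts = urlparse(url)
        path = parts.path.lower()
        if path.endswith(INSTALLER_EXTS):
            name = path.rsplit("/", 1)[-1]
            score += 2
            reasons.append("links to installer " + name)
            if CRYPTO_APP.search(name) or CRYPTO_APP.search(parts.netloc):
                score += 2
                reasons.append("installer is branded as a crypto/trading app")
    return score, reasons


def triage(messages, trusted_domains, threshold=4):
    """Messages whose score reaches the threshold, highest score first."""
    hits = []
    for m in messages:
        s, why = score_message(m, trusted_domains)
        if s >= threshold:
            hits.append((s, m.subject, why))
    return sorted(hits, reverse=True)


TRUSTED = {"corp.test"}  # constructed: the fictional employer's own mail domain
SAMPLES = [  # constructed messages; only the first matches the lure pattern
    Message("Talent Team <talent@example-recruit.test>",
            "Senior engineer position, 250k salary",
            "Install our trading desk to complete the technical assessment.",
            ["https://cdn.example-recruit.test/apps/trading-desk-setup.dmg"]),
    Message("hr@corp.test", "Reminder: performance reviews",
            "Please complete your self-assessment by Friday."),
    Message("news@vendor.test", "Product update",
            "Read the release notes on our blog.",
            ["https://vendor.test/blog/release-notes"]),
    Message("jobs@agency.test", "Job offer", "Details attached.",
            ["https://agency.test/offer.pdf"]),
]

if __name__ == "__main__":
    for score, subject, why in triage(SAMPLES, TRUSTED):
        print(score, subject, "|", "; ".join(why))
```

Run stand-alone, only the first constructed message is reported (score 6). A heuristic like this is a triage aid for a mail gateway or SOC queue, not a blocklist: the outside recruiter with a PDF scores 2 and is left alone, which is the point of weighting the installer link and the crypto branding more heavily than the sender domain.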
This isn't out of the blue: 75% of cyberattacks start with a phishing email, according to last month's Trend Micro Annual Report. Attackers know that the human element is the weakest link in a company with otherwise stellar security, so they phish credentials or talk someone into running a malicious installer before they go after the systems themselves.
The Cybersecurity Job Never Ends
When it comes to these attacks specifically, employees at blockchain companies should know to keep their eye out for any recruitment emails that seem too good to be true.
Other phishing attacks might include emails impersonating bosses, or messages kept just vague enough to seem legitimate. Russian hacking attempts are also predicted to be on the rise, so state-sponsored threats aren't limited to North Korea.
Spotting misspellings or poorly mimicked letterheads in every new email is easier said than done, however. Phishing works because nobody keeps their guard up 24/7, so it pays to put controls in place that don't depend on vigilance. A password manager helps for a specific reason: it autofills credentials only on the exact site they were saved for, so a look-alike login page gets nothing, and a manager that refuses to fill is itself a warning sign for someone who isn't operating at peak capacity. LastPass and 1Password remain our top picks. Phishing-resistant multifactor authentication, such as hardware security keys, closes the gap further, and since TraderTraitor is ultimately after private keys, those keys belong in hardware wallets or offline storage rather than on the same workstation that reads the recruitment email.
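To show what "only fills on the right site" actually means, here is an added example, written for this article rather than taken from any password manager's code, of the origin check that does the work. A credential is filled only when the page's origin (scheme, host and port) exactly matches the origin it was saved for, and a near-miss host is reported instead of filled. The hosts and URLs are constructed, and the edit-distance threshold of 2 is an assumption.

```python
# Added example, not part of the article or any password manager's code: the
# origin check that makes a password manager resist phishing. Credentials are
# filled only when the page's origin (scheme, host, port) exactly matches the
# origin they were saved for, and a near-miss host is reported rather than
# filled. All hosts below are constructed.
from urllib.parse import urlsplit


def origin(url):
    """(scheme, host, port) for an http(s) URL; path and query are ignored."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError("not an http(s) URL: " + url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, p.hostname.lower(), port)


def should_autofill(saved_url, current_url):
    """Fill only on an exact origin match; a look-alike host is a different origin."""
    return origin(saved_url) == origin(current_url)


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character swaps like vau1t/vault."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_warning(saved_url, current_url):
    """None if nothing suspicious, else a short reason the user should see.
    The threshold of 2 edits is an assumption for this example."""
    saved, current = origin(saved_url)[1], origin(current_url)[1]
    if saved == current:
        return None
    if saved in current:
        return "saved host '%s' is embedded in longer host '%s'" % (saved, current)
    if any(label.startswith("xn--") for label in current.split(".")):
        return "punycode (IDN) label in '%s'; check for homoglyphs" % current
    if edit_distance(saved, current) <= 2:
        return "'%s' is near-identical to saved host '%s'" % (current, saved)
    return None


if __name__ == "__main__":
    saved = "https://vault.example.test/login"  # constructed saved credential origin
    for url in ("https://vault.example.test/account",
                "http://vault.example.test/login",
                "https://vault.example.test.evil.test/login",
                "https://vau1t.example.test/login",
                "https://xn--vult-loa.example.test/login"):
        verdict = "fill" if should_autofill(saved, url) else "NO FILL"
        print(verdict, url, lookalike_warning(saved, url) or "")
```

Only the first URL is filled: same scheme, host and port, different path. The plain-http copy of the same host, the host that merely contains the saved name, the one-character swap and the punycode label are all different origins, and the last three also produce a warning the user can act on. This is why a manager that suddenly declines to fill a familiar-looking login page is worth a second look rather than a manual copy-and-paste.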