North Korea, Fake Recruitments & Million-Dollar Crypto Hacks
Stealing tens of millions through fake high-salary job offers has become something of a signature of the North Korean state-sponsored hackers, the Lazarus Group.
It was through a simple PDF and a fake job offer, that the biggest heist of crypto history took place last year, when Ronin Bridge lost to them an astounding $624 million!
In 2023, they decided to go back to this winning strategy, and stricked another $37 million on July 22 from the Estonia-based cryptocurrency payments firm CoinsPaid via Linkedin!
CoinsPaid reported that, starting in March 2023, the Lazarus Group had attempted at first to break in through classic means: pure hacking.
After months without getting anywhere on that front, they decided to pursue the fake job offer route.
They dangled extremely appealing high-salary job offers in front of CoinsPaid’s employees, with compensation ranging from 16,000–24,000 USD a month, and waited for a fish to bite the hook!
An inattentive? unaware of the risk? employee took the bait, and had a fake job interview with them during which he was asked to download a software to complete a technical task.
Unfortunately, he did not do his job interview using his own personal computer, but from one that would give access to CoinsPaid’s infrastructure
The “software” was a malicious code that allowed the Lazarus Group “to gain remote control of a computer for the purpose of infiltrating and accessing CoinsPaid’s internal systems,” per CoinPaid.
After gaining access to CoinsPaid’s infrastructure, they were able to successfully open a backdoor that “allowed them to create authorised requests to withdraw funds from CoinsPaid hot wallets.”
That’s how $37 million were lost to the Lazarus Group.
Fake job offers are a widespread issue in the crypto space!
They are not the private turf of the Lazarus Group.
In our future article, we will cover how a whole scam industry has built itself around fake crypto job offerings that target retail investors in the space.
There are really only two ways to circumvent the risks linked to this kind of attacks:
- If you have a web3 company educate your employees to the risk of fake job offering and the absolute necessity for them to never use a device that has access to the company infrastructure during a recruitment process.
- Stay aware either as a candidate or a recruiter of too attractive an offer, especially if you did not go look for them.
Be they PDF you have to open or “software” you have to test or be tested on have the necessary tools to safguard yourself against them.
As always, stay vigilant, stay safe!
About us
Nefture is a Blockchain Security Company that secures crypto transactions!
With Nefture Security, you can get your Wallet security audit for free. Plus, enjoy the added peace of mind that comes with immediate alerts on new wallet approvals, as well as a monthly security report!
Check if your wallet is compromised now⚡https://www.app.nefture.com/
