Several U.S. federal agencies issued a joint warning about an increase in crypto-related hackings. Posted as an alert by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Treasury Department.
Related Reading | Could Musk Fix This? Blue Checked NFT Scams Swamp Twitter
The U.S. government agencies noted the “cyber threat associated with cryptocurrency thefts and tactics” used by malicious actors with alleged ties to North Korea. The rogue nation could be sponsoring these activities since 2020, according to the alert.
The malicious actors were identified as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. The U.S. federal agencies claimed:
The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games (…).
According to the document, the malicious actors are using social engineering attacks via different “communication platforms” to introduce malware into the victims’ computers. Once the bad actors have control over the computer, the alert says, they steal their private keys or exploit other vulnerabilities.
These North Korea-backed malicious actors are behind some of the biggest hacks in the crypto space. The attacks have been increasing in the past months with major projects, such as NFT based game Axie Infinity, losing as much as $600 million to these attackers.
The malicious actors could incentivize to target these projects due to their open-source nature, the low risk compared to a bank or a centralized entity, and the high rewards. The alert added:
As of April 2022, North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry (…). These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.
How North Korean Bad Actors Could Try To Steal Your Crypto
The agencies described the tactics used by the bad actors in more detail. As mentioned, these include phishing attacks targeting a company’s employees.
The target receives a message via social media with an offer of a high-paying job. This lures the victim into downloading the malware which carries malicious code.
Once installed, the software runs “an update” on the program which executes a malicious payload. This begins a process that compromises the victim’s computer in a short time. The alert claims:
Post-compromise activity is tailored specifically to the victim’s environment and at times has been completed within a week of the initial intrusion.
The U.S. federal agencies recommended users and companies implement two-factor authentication measures, program monitoring, create a whitelist for applications, endpoint protection, and other actions that could mitigate a potential attack.
MyCrypto CEO Taylor Monahan compiled a list of examples to visualize the tactics used by these malicious actors. Monahan advised caution as these actors could “ruin you”.
here's a dump of examples of the sneaky malicious phishing emails and messages and sites designed to trick you.
mostly crypto. or used to target crypto folks. mostly Lazarus / Bluenoroff / North Korean APT. 🎣
these will ruin you. all of you. pic.twitter.com/MLdugEgv4r
— Tay 💖 (@tayvano_) April 19, 2022
Related Reading | Crypto May Be Used To Fund Terror, Indian Finance Minister Says
At the time of writing, Ethereum (ETH) trades at $3,100 with a 6% profit in the last 24-hours.