On Tuesday, the U.S. government unveiled a new cybersecurity advisory alerting the public that North Korea's state-sponsored cybercrime groups are increasingly targeting America's blockchain and crypto sector.
"The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs)," the government advisory said.
The FBI, the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) named several prominent North Korean cybercrime groups, including Lazarus Group, APT38, BlueNoroff, and Stardust Chollima, in the alert.
The Lazarus Group was linked to the 2014 Sony Pictures hack and, more recently, the Axie Infinity crypto heist that stole more than $600 million from the Ronin network's Ethereum sidechain. According to the U.N. Security Council, revenue from the cybercrime group's cryptocurrency thefts has allowed it to seize over $200 million each year in cryptocurrencies, which it uses to partly fund North Korea's weapons of mass destruction and ballistic missile programs.
According to Chainalysis, Ether remains the most popular crypto stolen by North Korean government-linked cybercrime groups, accounting for approximately 60% of all crypto. By contrast, less than a fourth of North Korea's stolen crypto is in Bitcoin.
“As of April 2022, North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency,” the report said.
The government also highlighted a spearphishing campaign known as “TraderTraitor,” which targets the IT sector of a company with dubious download links seemingly sent from a credible sender, such as an employment recruiter.