- North Korean hackers target U.S. Bitcoin ETFs using advanced social engineering tactics.
- FBI warns crypto firms to verify new contacts and secure digital assets against cyber threats.
- Multi-factor authentication and offline storage are essential for safeguarding cryptocurrency.
The FBI has raised alarms over cyberattacks targeting U.S. Bitcoin Exchange-Traded Funds (ETFs), with North Korean hackers at the center of these operations. These attackers employ sophisticated social engineering tactics to infiltrate crypto firms and steal valuable digital assets.
The FBI’s warning has shown the growing threat posed by North Korean hackers, who meticulously research their targets before launching attacks. These hackers focus on specific employees within decentralized finance (DeFi) and cryptocurrency companies, gathering detailed information from social media profiles and job platforms.
The ultimate goal is to build trust with the victim over time. The hackers engage in prolonged conversations, often posing as recruiters or executives from the tech industry. By leveraging information gathered about the victim’s job, skills, or hobbies, they make their scams appear legitimate.
Once trust is established, they deceive the victim into downloading malware or clicking on a malicious link, providing the hackers with access to the company’s network.
Impersonation plays a crucial role in these cyberattacks. The FBI reports that hackers often pretend to be someone the victim may already know, such as a recruiter or a technology executive.
They use stolen photographs and create fake profiles to enhance their deception. In some cases, they go as far as setting up fake websites for companies that do not exist. In October 2023, the Department of Justice successfully seized 17 domains established by North Korea to impersonate legitimate businesses.
The FBI has issued several guidelines to help companies protect themselves against these threats. First and foremost, the agency advises verifying the identity of any new contact through multiple communication channels. It is also recommended that cryptocurrency wallet information not be stored on devices connected to the internet.
For companies that require pre-employment tests involving code execution, the FBI suggests using a virtual machine that is not connected to the company’s network. Additionally, implementing multi-factor authentication for any financial transactions is strongly encouraged. Regular vulnerability checks on the company’s network are also crucial in maintaining cybersecurity.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
