North Korean | Crypto

North Korea’s crypto playbook now spans fake developers, conference contacts and major DeFi exploits reaching deep across the industry. This month’s $285 million exploit on Drift, a decentralized exchange (DEX), was the largest crypto hack in over a year, when exchange Bybit lost $1.4 billion. North Korean state-backed hackers were named as prime suspects in both attacks. This past autumn, attackers posed as a quantitative trading firm and approached Drift’s protocol team in person at a major crypto conference, said Drift in an X post Sunday. “It is now understood that this appears to be a targeted approach, where individuals from this group continued to deliberately seek out and engage specific Drift contributors, in person, at multiple major industry conferences in multiple countries over the following six months,” said the DEX. Read more

Security researcher Taylor Monahan listed at least 40 decentralized finance platforms she claims have been infiltrated by North Korean IT workers at some stage of their lives. North Korean IT workers have been embedding themselves in crypto companies and decentralized finance projects for at least seven years, according to a cybersecurity analyst. “Lots of DPRK IT workers built the protocols you know and love, all the way back to DeFi summer,” said MetaMask developer and security researcher Taylor Monahan on Sunday.  Monahan claimed that over 40 DeFi platforms, some being well-known names, have had North Korean IT workers working on their protocols. Read more

North Korean operatives were caught on camera, live, after security researchers lured them into a booby-trapped “developer laptop,” capturing how the Lazarus-linked crew tried to blend into a US crypto job pipeline using legitimate AI hiring tools and cloud services. The evolution in state-sponsored cybercrime was reportedly captured in real time by researchers at BCA […] The post Secret footage from a rigged laptop exposes how North Korean spies are slipping past your security team appeared first on CryptoSlate.

Democratic Senators Elizabeth Warren and Jack Reed asked the Justice Department and the Treasury Department to investigate World Liberty Financial after a watchdog alleged that WLFI token sales touched wallets tied to North Korea’s Lazarus Group, a Russia-linked ruble token, an Iranian exchange, and prior Tornado Cash users. The senators’ referral arrived after Accountable US […] The post Democrats attack Trump’s World Liberty Financial for taking North Korean money — want DOJ probe appeared first on CryptoSlate.

AI threat detection and enhanced wallet management may save crypto firms from North Korean infiltrators, cybersecurity experts told Cointelegraph. Cryptocurrency companies need to strengthen defenses against North Korean hackers who are seeking jobs at major Web3 businesses to stage large-scale exploits, security experts told Cointelegraph. Hiring North Korean developers may open a crypto project’s infrastructure to the threat of hacks and data breaches similar to the Coinbase data breach in May, which exposed the wallet balances and physical locations of about 1% of the exchange’s monthly users, potentially costing the exchange up to $400 million in reimbursement expenses. To fight this growing threat, the industry needs to adopt enhanced wallet management standards, real-time AI monitoring for the early prevention of exploits and more secure employee vetting practices, crypto security experts told Cointelegraph. Read more

Learn how a North Korean group used 31 fake identities to infiltrate crypto firms and steal $680,000 from Favrr. Inside their tools, tactics and deception. In a twist worthy of a cyber‑thriller, a group posing as blockchain developers pulled off a $680,000 heist on fan token marketplace Favrr in June 2025, only to be unmasked when one of their own devices was counter‑hacked. What emerged was startling: Six North Korean operatives had at least 31 fake identities. They carried forged government IDs, phone numbers and fabricated LinkedIn and Upwork profiles. Some even posed as talent from Polygon Labs, OpenSea and Chainlink to infiltrate the crypto industry. Read more

Blockchain investigator ZachXBT exposed a sophisticated North Korean IT worker operation that infiltrates Western technology companies through remote development positions. In an Aug. 13 report, the investigator highlighted that an unnamed source compromised a device belonging to one of five DPRK IT workers, providing unprecedented access to their operational methods.  The team systematically purchased fake […] The post ZachXBT exposes North Korean IT workers operating 30 fake identities across development platforms appeared first on CryptoSlate.

The Arizona woman helped North Korean operatives pose as U.S. IT workers and launder millions back to Pyongyang.

A North Korean developer gained elevated privileges inside Waves Protocol’s Keeper-Wallet codebase, according to a June 18 report by Ketman. The report highlighted routine scans for Democratic People’s Republic of Korea (DPRK) activity on GitHub, which uncovered the account “AhegaoXXX” pushing updates to Keeper-Wallet.  The wallet’s repositories showed no legitimate commits after August 2023, yet […] The post North Korean dev hijacks dormant Waves repositories, slips credential-stealing code in wallet updates appeared first on CryptoSlate.

Kraken says a North Korean actor applied for a tech job at the crypto exchange but foiled their plan after a tip-off from industry partners. US crypto exchange Kraken has detailed a North Korean hacker’s attempt to infiltrate the organization by applying for a job interview. “What started as a routine hiring process for an engineering role quickly turned into an intelligence-gathering operation,” the company wrote in a May 1 blog post. Kraken said the applicant’s red flags appeared early on in the process when they joined an interview under a name different from what they applied with and “occasionally switched between voices,” apparently being guided through the interview. Read more