Cryptocurrency communities face a growing threat from the Lazarus Group, a North Korea-backed hacking group. The group is now targeting users on the messaging app Telegram, warns blockchain security firm SlowMist.
The hackers employ a new strategy, posing as venture capital figures from Archax, HashKey, and Gumi Cryptos to entice crypto teams with investment proposals.
The attackers build trust through consistent messaging, then trick victims into running malicious scripts during supposed meetings. Showtime’s CEO recently revealed FBI warnings of Asian cybercriminals, posing as HashKey’s Head, running malware on his computer.
SlowMist points to the Lazarus Group’s use of Calendly’s “Add Custom Link” feature to embed discreet malicious links within event pages, evading detection. The firm identifies IP 184.108.40.206 as linked to phishing attempts and urges caution.
The Lazarus Group, tied to North Korea, has reportedly stolen $3 billion from the crypto industry, allegedly funding weapons programs. Recent breaches, including the Ronin bridge exploit, link back to North Korea-affiliated wallets and surpass $600 million in thefts.
Chainalysis estimates that North Korean hackers have stolen over $3 billion in the past five years, an estimate supported by South Korean reports of a $1.2 billion theft in 2022 alone.
The escalating cyber threat from North Korea’s Lazarus Group underscores the imperative for heightened vigilance and proactive measures within the cryptocurrency community.