Recommended
North Korea Hackers Are Targeting Blockchain Companies
2022/04/20By:
The U.S. government has warned that North Korean groups are deliberately targeting cryptocurrency exchanges, DeFi protocols, play-to-earn games and high-net-worth individuals.
A new alert by the FBI and the Treasury Department has sought to lift the lid on some of the techniques used by the Lazarus Group — with companies urged to patch vulnerabilities, train employees on how to recognize phishing attempts, and use multi-factor authentication.
The statement warns that victims of social engineering attacks are often encouraged to download “trojanized” crypto applications that appear genuine. From here, attackers gain control of their computer, spread malware across their network, and steal private keys.
“These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.”
According to the alert, victims who work in system administration or software development are often sent messages that pretend to be from a recruitment company — offering high-paying roles. They’re wooed into downloading a type of malicious app that the U.S. government calls “TraderTraitor” — and worryingly, they’re often accompanied by bogus websites with convincing designs.
The warning comes days after the Treasury implicated the Lazarus Group in the attack on Ronin, the blockchain that powers Axie Infinity. ETH and USDC worth over $625 million was stolen — smashing records for the biggest crypto hack on record.
Important Tips for Prevention
A plethora of recommendations has been made to help businesses prevent their infrastructure being targeted.
As well as using separate networks to limit how far an attack spreads, organizations are urged to have “a timely vulnerability and patch management program in place.”
Businesses have also been warned that North Korean groups frequently target email addresses and social media accounts — meaning regular password changes are needed, as well as multi-factor authentication to add another layer of defense.
Other tips include educating employees on how social engineering attacks can occur, and providing training on social engineering warning signs— and the dangers of opening links and attachments from senders who should not be trusted.
Register now to begin your crypto journey
Download the BTCC app via App Store or Google Play
Follow us
Scan to download
- Terms & Agreement
- Customer Service
Quick Links
Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.
The world’s longest-running cryptocurrency exchange since 2011 © 2011-2024 BTCC.com. All rights reserved