DOJ Cracks Down: North Korea-Backed Crypto Heist Ring Swiped $1M in Digital Assets

Author: Cryptonews
Published: 2025-07-01 08:34:20

U.S. justice strikes hard against cybercrime syndicate—turns out even dictatorships need side hustles.


The Lazarus Hackers’ Bad Day

Federal prosecutors just dropped the hammer on a crypto theft operation with Pyongyang’s fingerprints all over it. Nearly $1 million in digital assets vanished before authorities slammed the brakes.


How They Played the Game

Classic move: phishing meets blockchain. The group deployed malicious smart contracts and social engineering—because why mine crypto when you can steal it from amateurs?


The Irony of State-Sponsored Crime

North Korea’s elite hacking squads keep funding nukes with crypto scams while Wall Street still debates ‘blockchain adoption.’ Priorities, people.

Fraudsters Target Georgia-Based Blockchain Firm, Serbian Crypto Company

The case is being handled by the Federal Bureau of Investigation (FBI) and is part of the DOJ’s ‘DPRK RevGen’ plan that targets high-impact North Korea-linked illicit revenue generation rings.

According to the investigation, the defendants initially operated as a team in the UAE in 2019. Between December 2020 and May 2021, they joined a Georgia-based blockchain firm and a Serbian crypto company as developers.

“Both defendants concealed their North Korean identities from their employers by providing false identification documents containing a mix of stolen and fraudulent identity information,” the DOJ revealed.

In February 2022, two of the impersonated employers were assigned projects that provided them access to crypto. The defendants used that access to steal digital assets in two separate operations worth $175,000 and $740,000 at the time. They reportedly modified the source code of two employers’ smart contracts.

DPRK Crypto Attacks Magnify

North Korea has recently been developing novel and more sophisticated attacks on crypto firms. In April, spies from the DPRK infiltrated the US corporate system to run a malware campaign targeting crypto developers.

They used fake US firms and domains to post job interviews to trick developers into downloading malware.

🚨 North Korean cyber spies reportedly set up fake US firms to deploy malware targeting crypto developers, violating Treasury sanctions. #NorthKorea #CyberSecurity https://t.co/TvCmrspaep

— Cryptonews.com (@cryptonews) April 25, 2025

Other sophisticated methods of stealing crypto involve Zoom meetings and hiding malware in GitHub. According to Nick Bax of the Security Alliance, a threat group is working to steal data and funds through fake business calls on Zoom.

The DPRK-linked players send messages in the chat saying they can’t hear audio, suggesting listeners click on a fake link.

Last week, reports revealed that North Korea is targeting Indian crypto job applicants with malware to steal their data.
