North Korean Hackers Pose as U.S. Firms in Sophisticated Crypto Dev Targeting Scheme
Lazarus Group goes corporate—fake American front companies now serve as bait for blockchain engineers.
How they’re doing it: Phony job offers, ‘legitimate’ GitHub repos, and VC-backed startup personas. All roads lead to drained wallets.
The twist? These ops bypass traditional KYC checks by impersonating registered U.S. entities—because nothing says ‘compliance theater’ like a Delaware LLC paper trail.
North Korea’s phishing campaigns
This is just the latest example of North Korea’s cyber operations, which one FBI official described as “perhaps one of the most advanced persistent threats” facing the United States.
North Korea’s Lazarus Group, which was responsible for February’s $1.4 billion hack of crypto exchange Bybit, is now thought to be branching out into phishing campaigns targeting the crypto industry.
Earlier this month, Manta co-founder Kenny Li was targeted by a phishing attempt that bore the hallmarks of Lazarus Group’s MO, using a fake Zoom call as a vector to distribute malware. And a recent GTIG report found that North Korean IT workers are infiltrating teams across the U.S., UK, Germany, and Serbia, using fake resumes and forged documents to pose as legitimate developers.
The FBI said that it continues to “focus on imposing risks and consequences, not only on the DPRK actors themselves, but anybody who is facilitating their ability to conduct these schemes.”