North Korea is notorious for its aggressive cyber operations. The best-known actor is the Lazarus Group, behind the Sony Pictures hack, the SWIFT banking attacks, and a long series of cryptocurrency thefts. Related clusters include APT38 (also tracked as BlueNoroff) and Andariel, all attributed to North Korea's Reconnaissance General Bureau, the state's main intelligence agency.
How the Scheme Works: Fake IT Pros from Pyongyang
Blockchain analytics firms such as Chainalysis put the cryptocurrency stolen by North Korean actors at roughly $1.7 billion in 2022 alone, a record year, with the cumulative “take” since 2017 estimated in the billions of dollars.
Here’s how the attack unfolds:
- Creating fake résumés and profiles: Dozens of false identities are built across LinkedIn, GitHub, Upwork and similar platforms. One reported example is a profile named “Paul Kim” claiming experience with AWS, Google Cloud and Solidity.
- Getting hired by foreign companies: Operatives apply for remote developer roles, and crypto firms are a favoured target. Public investigations have tied Lazarus to DeFi victims such as Harmony and Axie Infinity (whose Ronin Bridge is operated by Sky Mavis), though in the Ronin case the reported vector ran the other way: a Sky Mavis engineer was lured with a fake job offer rather than a fake employee being hired.
- Gaining access to wallets and internal infrastructure: Once inside, the attackers obtain credentials and signing keys for company wallets and backend systems. In the Ronin Bridge attack they obtained the private keys of five of the bridge's nine validator nodes, enough to authorise fraudulent withdrawals of roughly $625 million.
- Laundering the funds: Stolen crypto is funneled through mixers such as Tornado Cash and through exchanges in China and Russia, making the trail extremely hard to follow.
Notorious Cases and Real Victims
- Harmony Bridge (2022): Losses of about $100 million. The FBI attributed the attack to Lazarus Group / APT38.
- Ronin Bridge (Axie Infinity, 2022): Losses of about $625 million, the largest DeFi exploit at the time.
- Atomic Wallet (2023): Losses exceeding $35 million.
- Freelance & IT Platforms: Chainalysis reports over 1,500 fake accounts linked to North Korea in 2023 alone.
Why Are They So Hard to Stop?
- Freelance Platforms: Hackers thrive on Upwork, Freelancer, and similar sites, where identity checks are minimal.
- Global Anonymity: Remote positions open doors to fake specialists worldwide.
- Corporate Culture Gaps: Fast-growing crypto companies often lack the resources for thorough staff vetting, especially on tight deadlines.
How to Protect Your Company: Practical Tips
- Require live video interviews for every remote hire and verify identity documents against the person on camera; be suspicious of candidates who avoid video or whose stated location does not match where they connect from.
- Enforce least-privilege access controls and mandatory multi-factor authentication (preferably phishing-resistant, e.g. hardware security keys). Developer accounts should never hold wallet signing keys; keep treasury signing behind a multi-signature threshold and hardware-backed keys.
- Monitor suspicious transactions and the activity of new hires, especially access to wallets, signing infrastructure and production secrets during their first weeks.
- Employ third-party background screening and blockchain analytics services (such as Chainalysis or TRM Labs).
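The monitoring advice above is easy to state and vague to implement, so here is an added example (not code from the original article or from any of the companies named) of screening sign-in and access audit logs for three of the warning signs discussed: a new hire touching wallet or signing infrastructure, a sign-in from a country other than the one the employee declared, and several accounts sharing one source address. The HR records, resource names, IP addresses, GeoIP countries and log format are all constructed for the example and are not real data.

```python
"""Screen access logs for warning signs of a fake remote hire.

Added illustration, not from the original article. Every record,
identifier and log line below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

NEW_HIRE_WINDOW_DAYS = 30  # accounts younger than this count as "new hires"
# Hypothetical resource names a crypto company would treat as crown jewels.
SENSITIVE_RESOURCES = {"wallet-signer", "treasury-keys", "deploy-prod"}

# Constructed HR data: declared work country and start date per account.
EMPLOYEES = {
    "pkim":  {"country": "US", "start": "2023-05-01"},
    "jdoe":  {"country": "DE", "start": "2021-02-15"},
    "awong": {"country": "SG", "start": "2023-05-10"},
}

# Constructed audit log: timestamp user action resource source-IP GeoIP-country
AUDIT_LOG = """\
2023-05-03T09:12:44Z pkim  login   -              203.0.113.7  CN
2023-05-03T09:15:02Z pkim  access  wallet-signer  203.0.113.7  CN
2023-05-03T10:01:10Z jdoe  login   -              198.51.100.2 DE
2023-05-03T10:05:31Z jdoe  access  deploy-prod    198.51.100.2 DE
2023-05-12T02:44:09Z awong login   -              203.0.113.7  CN
2023-05-12T02:50:00Z awong access  treasury-keys  203.0.113.7  CN
"""


def parse_log(text):
    """Parse the whitespace-separated constructed log into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, action, resource, ip, country = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "action": action, "resource": resource,
            "ip": ip, "country": country,
        })
    return events


def screen(events, employees, now):
    """Return a sorted list of unique (who, reason) findings."""
    findings = set()
    users_by_ip = defaultdict(set)
    for e in events:
        emp = employees.get(e["user"])
        if emp is None:
            # An account with no HR record should never appear in production logs.
            findings.add((e["user"], "unknown account in audit log"))
            continue
        start = datetime.strptime(emp["start"], "%Y-%m-%d")
        is_new_hire = (now - start) <= timedelta(days=NEW_HIRE_WINDOW_DAYS)
        if e["country"] != emp["country"]:
            findings.add((e["user"],
                          f"source country {e['country']} differs from declared {emp['country']}"))
        if is_new_hire and e["action"] == "access" and e["resource"] in SENSITIVE_RESOURCES:
            findings.add((e["user"],
                          f"new hire touched sensitive resource {e['resource']}"))
        users_by_ip[e["ip"]].add(e["user"])
    # Several "different" employees behind one address suggests one operator
    # running several identities.
    for ip, users in users_by_ip.items():
        if len(users) > 1:
            findings.add((",".join(sorted(users)), f"multiple accounts share source IP {ip}"))
    return sorted(findings)


def run_example():
    """Run the screen over the constructed data with a fixed clock."""
    return screen(parse_log(AUDIT_LOG), EMPLOYEES, now=datetime(2023, 5, 15))


if __name__ == "__main__":
    for who, why in run_example():
        print(f"{who}: {why}")
```

The country check is a triage signal, not proof: legitimate staff use VPNs, and a determined attacker can relay traffic through a machine in the declared country, so treat each finding as a prompt for a human follow-up (a video call, a re-check of identity documents) rather than as an automatic verdict. The new-hire check is the one that most directly limits damage: if a developer account cannot reach signing keys at all in its first weeks, a fake hire has far less to steal.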