North Korean hackers are promoting fraudulent bitcoin job opportunities to swindle individuals out of their money.
“It happens to me all the time and I’m sure it happens to everybody in this space,” stated Carlos Yanez. Even without being hacked, Yanez noted that North Korean masquerades enhanced last year. He remarked, “It’s scary how far they’ve come.” According to blockchain intelligence, North Korea was responsible for $1.34 billion in cryptocurrency theft last year. U.S. and UN observers assert that Pyongyang is engaged in the theft of weapons for its development efforts.
A public warning indicated that North Korea was targeting bitcoin through “complex and elaborate” social engineering tactics. Seven targets provided screenshots of their conversations with hackers to illustrate the tactics used to deceive them and the strategies involved. Employers advertise blockchain positions on LinkedIn or Telegram. “We are currently expanding our team,” a Bitwise Asset Management recruiter informed Victoria Perepel on LinkedIn on January 20. “We are looking for individuals passionate about the cryptocurrency market.” The recruiter directed candidates to an unfamiliar website to complete a skills assessment and create a video following the job and salary discussion. Numerous targets became wary. Why not conduct interviews via Live Zoom or Google Meet? “We follow a structured hiring process, and the video assessment is a key part of our evaluation to ensure consistency and fairness for all candidates,” Slizewski stated.
Haglund concluded the interview, but others continued. Unidentified U.S. bitcoin product managers shared the video with recruiters from Ripple Labs. He felt deceived when his computer’s digital wallet lost $1,000 in ether and Solana that evening. He noticed that the Ripple recruiter’s LinkedIn profile had disappeared. Consultant Ben Humbert and Kraken recruiter Mirela Tafili engaged in a discussion about a project management position on LinkedIn. Following a short virtual interview, Tafili shared a link with Humbert to streamline the process and move forward. Humbert grew wary and ceased communication. Ripple and Bitwise did not provide any comments. Robinhood took action against scam-related sites after becoming “aware of a campaign earlier this year that attempted to impersonate several crypto companies, including Robinhood.” LinkedIn stated that the fake recruiters identified by Reuters had been “previously actioned.” Telegram asserts that all fraudsters have been eliminated. Reuters was unable to contact the hackers.
Previously known as “Contagious Interview,” Palo Alto Networks has developed a tab. IP addresses and emails from earlier hacks directed researchers to North Korea. Researchers uncovered unintended log files from hackers that revealed the email and IP addresses of more than 230 individuals, including coders, influencers, accountants, consultants, executives, marketers, and others who were targeted between January and March. Reuters informs all assault targets. Every 19 news agency interviewed said they were targeted. A fraudulent hacker group asserted that this was related to cryptocurrency. North Korea’s UN envoy disregarded Reuters. Pyongyang frequently refutes claims of appropriating cryptocurrency. Senior SentinelOne stated that Reuters focused on “a tiny tiny fraction” of Contagious Interview’s potential victims, which represents a subset of North Korea’s bitcoin heist.
“They’re a typical scam group,” he stated. “They seek breadth.” Kraken CEO Percoco stated that recruiting scams started in late 2022 and persisted through March, April, and May. “We actively seek out fraudulent recruiter accounts and often receive complaints such as, ‘Hey, I was interviewing for a job with you guys and then it turned really scammy,'” Percoco stated.