North Korea Targeting Prominent Crypto Organizations, Says Leading VC

Key Insights:

• Arthur highlighted the growing threat of North Korea in the crypto space.
• He suggested implementing an address monitoring system.
• Just yesterday US Treasury revealed North Korea’s Lazarus group executed the biggest hack in the history of crypto.

DeFiance Capital Founder Arthur Cheong, aka ‘Arthur_0x’, put out a series of tweets earlier today detailing the threat North Korea presents to the crypto space.

Initially written just for DeFiance Capital portcos and partners, Arthur decided to release it to the general public as well in the interest of public welfare.

Beware of North Korea

According to Arthur, research conducted by DeFiance Capital and a leading cyber security expert brought to light an organized campaign executed to target ‘all the prominent organizations in the crypto space by the hacker group BlueNorOff.

As per Arthur, the cybercrime organization is a state-run group who have achieved sophistication in its phishing methods, making it difficult to detect them now. And given their recent success, he believes that going forward, these attacks are only going to get more frequent and further intense.

Not too long ago, Arthur himself was the victim of a phishing attack which he now claims was conducted by none other than the BlueNorOff group. In this attack, the Venture Capitalist lost over $1.5 million in NFTs when his hot wallet was attacked.

Thus to prevent a similar occurrence, he highlighted a few things which crypto companies can follow, including implementing a multi-signature wallet secured by hardware wallets.

A dedicated computer for crypto transactions that have no interaction with Emails and other such apps can also minimize hack risks and doubling down on 2FA (Two-Factor Authorisation) as well.

One suggestion that stood out was how these cyber criminals from the Lazarus Group are forming fake organizations posing as software developers to be hired remotely, taking advantage of the ongoing pandemic to get direct access to the systems.

Adding to the same, Arthur tweeted,

“We have heard of this case from one of our portfolio companies where applicants for their software engineer role appear to be suspicious in interview, and unable to match up with their profile in their resume.”

Thus he suggested staying wary of this as well since direct access to the network will be equal to leaving the vault open. He also finally suggested implementing an address monitoring system so that unauthorized transactions can be detected and flagged immediately.

The Lazarus

One of the most famous cybercriminal groups in the world, Lazarus, is the spawn of the Democratic People’s Republic of Korea’s (DPRK) intelligence agency called the Reconnaissance General Bureau.

This group, in 2021, singlehandedly managed to conduct hacks, exploits, and scams amounting to $400 million.

They were also responsible for Axie Infinity’s Ronin Network’s $625 million hack.

As reported by FXEmpire, the US Treasury Department as well crypto and blockchain analytics firm Chainalysis confirmed that it was the Lazarus group that executed the biggest hack in the history of crypto.

Therefore, hereon companies might want to begin practicing higher precautions when it comes to digital asset-related activities.