U.S., Japan, South Korea warn against North Korean IT workers
TOKYO, JAPAN — The United States, Japan, and South Korea have issued a joint warning to the blockchain industry about escalating cyber threats posed by North Korean hackers.
In a joint statement released last January 14, the three nations underscored the risks of hiring IT workers linked to the Democratic People’s Republic of Korea (DPRK), cautioning that such actions could inadvertently enable cyberattacks targeting the global financial system.
North Korean hackers exploit blockchain industry
Advanced persistent threat groups associated with North Korea, such as the infamous Lazarus Group, have been implicated in a series of high-profile cryptocurrency thefts. These groups have targeted exchanges, digital asset custodians, and individual users through sophisticated methods.
In 2024 alone, North Korean hackers were linked to attacks that resulted in $308 million stolen from Japan’s DMM Bitcoin exchange and $50 million from South Korea’s Upbit platform. Data from Chainalysis, a blockchain research group, showed North Korean groups have stolen $1.34 billion through cryptocurrency hacks last year, their highest level of such thefts on record.
Major cryptocurrency thefts linked to DPRK in 2024
The DPRK’s cyber activities are believed to fund its weapons programs, making these crimes not only a financial threat but also a geopolitical issue.
Other notable thefts attributed to North Korean hackers include $16.13 million stolen from Rain Management and previous attacks in 2023 targeting WazirX and Radiant Capital.
Social engineering and malware tactics exposed
North Korean cyber actors employ advanced tactics such as social engineering and malware deployment. Tools like TraderTraitor and AppleJeus have been used to compromise systems.
Moreover, researchers at the Cyberwarcon conference in November 2024 found that DPRK-linked hackers were posing as remote IT workers or recruiters to infiltrate companies.
Governments call for public-private cybersecurity collaboration
The joint statement emphasized the importance of public-private cooperation to counter these threats. Initiatives like the U.S.-based Crypto-ISAC and similar efforts in Japan and South Korea were highlighted as critical mechanisms for information sharing and incident response.
“Deeper collaboration among the public and private sectors of our three countries is essential to proactively disrupt these malicious actors’ cybercrime operations,” the statement noted.
Trilateral efforts aim to disrupt North Korean cybercrime
The United States, Japan, and South Korea have reaffirmed their commitment to combating North Korean cyber activities through a combination of sanctions, strengthened cybersecurity measures, and coordinated trilateral efforts. The three nations urged blockchain companies to carefully review past advisories to avoid inadvertently hiring IT workers linked to the DPRK, which could expose their operations to infiltration and cyberattacks.
In 2023, the Federal Bureau of Investigation (FBI) issued a similar warning to U.S. employers, advising caution when hiring remote information technology (IT) workers. The FBI uncovered a scheme in which North Korean IT professionals used fake identities to infiltrate American companies.
“At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities,” said FBI Special Agent Jay Greenberg.
U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri echoed this concern, stating: “You may be helping to fund North Korea’s weapons program or allowing hackers to steal your data or extort you down the line.”
As North Korea intensifies its cyber campaigns targeting the web3 ecosystem, these warnings underscore the urgent need for vigilance and proactive measures within the blockchain industry.
