State-sponsored hackers from North Korea are pushing boundaries once again. By offering fake freelance IT jobs, they’ve infiltrated cloud infrastructures of crypto companies and stolen hundreds of millions in digital assets — all through malware, social engineering, and even artificial intelligence.

🎯 The Target: Employees' Trust

According to recent cybersecurity findings, the North Korean group UNC4899 (also known as TraderTraitor) approached unsuspecting employees via social media, posing as recruiters with enticing IT job offers. Once they gained the target's trust, they sent “test tasks” which, when executed, infected the victim’s device with malware.

This opened the door to cloud environments, allowing the hackers to steal login credentials, explore the infrastructure, and identify the servers responsible for processing crypto transactions.

The result? Several multi-million dollar thefts in just one attack — repeated across various companies.

🧠 AI as a Weapon of the Future

The report highlights how these hackers are extremely adaptive. They use artificial intelligence to generate highly realistic messages and conversations that build rapport with their victims. Their phishing scripts and malware-laced communications are now more convincing than ever.

The attackers often impersonate journalists, professors, or subject matter experts to boost credibility.

🛠 From JavaScript to Electron

This campaign began as early as 2020, when hackers used fake job offers to trick employees into downloading applications built with Node.js and the Electron framework — apps that turned out to be trojans.

By 2024, their methods evolved, focusing on malicious open-source code and intensive targeting of crypto exchanges.

📉 Some of the largest attacks include:

🔹 The DMM Bitcoin hack in Japan – $305 million stolen

🔹 The Bybit hack – $1.5 billion stolen late in 2024

☁️ Why Cloud Infrastructure?

Cloud platforms are the lifeblood of many young crypto firms — which also makes them incredibly vulnerable. Many of these companies are cloud-native and still maturing their security practices.

Experts say cloud-based attacks enable hackers to target broader systems, increasing their chance to profit on a larger scale.

💰 Tally So Far: $1.6 Billion in 2025

Reports estimate that North Korean hacking groups have stolen over $1.6 billion in crypto assets in 2025 alone. These operations are highly organized, with thousands of individuals spread across overlapping subgroups.

The country has become a global leader in crypto hacking, accounting for 35% of all stolen funds worldwide in 2024.

🚨 What’s Next?

North Korean hackers continue to evolve and adapt — leveraging AI, cloud weaknesses, and advanced social engineering tactics. And their operations show no signs of slowing down.

“There are no signs of these attacks slowing. If anything, the expansion will likely accelerate,” experts warn.

#CyberSecurity , #northkorea , #hackers , #cyberattack , #cybercrime

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:

,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“