According to BlockBeats news on August 13, Binance's Chief Security Officer Jimmy Su stated that the trading platform receives a large number of fake resumes every day, and he is convinced that these resumes are written by potential North Korean attackers. In his view, state-level attackers from North Korea are the biggest threat facing companies in the cryptocurrency industry today. Su explained that North Korean attackers have been an issue throughout Binance's eight-year operating history, but their tactics have recently evolved in the crypto space. 'The biggest threat to the cryptocurrency industry at the moment is state-level attackers, particularly North Korea's Lazarus Group,' Su added, 'In the past two to three years, they have focused on the crypto space and have been quite successful in their operations.' He also mentioned, 'Almost all major North Korean hacking incidents involve a disguised employee assisting in the attack.'
North Korean state-level attackers also have two common attack methods: implanting malicious code in public NPM libraries and issuing fake job invitations to cryptocurrency practitioners. NPM (Node Package Manager) libraries or packages are collections of reusable code commonly used by developers. Malicious attackers can copy these packages and insert a tiny line of malicious code, which can lead to serious consequences while maintaining the original functionality. Even if the malicious code is discovered only once, it can gradually embed itself into the system as developers build new features on top of it.
To mitigate such risks, Binance must carefully review every line of code. Major cryptocurrency exchange platforms share security intelligence in Telegram and Signal groups to flag libraries implanted with malicious code and emerging North Korean attack methods.