A sophisticated cyber attack campaign run by the notorious North Korean hacker group Lazarus has just been exposed, showing growing boldness and skill in targeting crypto developers worldwide. Particularly concerning is that this time the group set up fake companies in the US, which is regarded as the center of cybersecurity oversight and of the strictest legal compliance.
Set up a company in the US to... defraud Americans
According to a disclosure from the cybersecurity company Silent Push, two seemingly legitimate companies – Blocknovas LLC (in New Mexico) and Softglide LLC (in New York) – are actually fronts for the hacker group Lazarus linked to the North Korean General Intelligence Bureau.
These companies were established with fake documents, directly violating sanctions from the Office of Foreign Assets Control (OFAC) and United Nations regulations. A third company named Angeloper Agency is also linked to the campaign but has no registration records in the US.
Tricks that target trust: Fake interviews, real malware
The hackers' strategy was carefully designed and proceeds in stages:
Create a professional company profile with a website, contact information, an engaging project description, and exciting job opportunities for blockchain developers.
Invite interviews with programmers and blockchain engineers – especially those who are well-known or have previously worked on major crypto projects.
Install malware through attachments, fake Zoom links, or remote interview tools.
Take control of cryptocurrency wallets, steal login information, and withdraw all assets from the wallet without leaving traces.
According to Silent Push, Blocknovas is the most active front in this campaign, with many victims already identified.
FBI steps in, website seized
Last Thursday, the FBI officially closed the Blocknovas website and posted a seizure notice stating:
"This website has been seized as part of law enforcement action against North Korean cyber actors, who use this domain to defraud individuals through fake job postings and spread malware."
This move demonstrates the seriousness and top priority that the US government is placing on cyber espionage activities related to crypto.
Lazarus – an underground force expanding its scale
Described by an FBI official as the "most advanced persistent threat", the Lazarus group has continuously shaken the cryptocurrency industry:
In February, Lazarus was accused of being behind the $1.4 billion hack of Bybit – one of the largest cryptocurrency thefts in history.
At the beginning of this month, Kenny Li, co-founder of Manta Network, was targeted in a Zoom call impersonation attack – a typical modus operandi of Lazarus.
A report from GTIG also warns that many North Korean IT programmers are infiltrating technical teams in the US, Germany, the UK, and Serbia with fake job applications, creating a risk of internal data leaks.
Impact on the crypto community and Binance users
For the crypto community, especially users and developers on Binance:
Such increasingly sophisticated scams can lead to irretrievable asset loss, even if users only mistakenly download a file or participate in a fake interview.
Web3 projects, DEX, decentralized wallets – where security management is a personal responsibility – will be preferred targets for hackers.
The community must be more vigilant against overly attractive job opportunities, especially from unfamiliar companies in the US that have no real activity on LinkedIn or GitHub.
Official warning from the FBI
The FBI states it will continue to monitor and address not only North Korean hackers but also individuals and organizations that assist their operations worldwide. This is a warning for developers, crypto companies, and remote workers:
"The FBI is focused on imposing consequences not only on agents from the Democratic People's Republic of Korea but also on anyone who aids or facilitates these schemes."
Conclusion and risk warning
The fact that North Korean state hackers brazenly set up virtual companies in the US to reach crypto developers shows the level of danger and complexity of current cyber attacks. This is no longer just an individual issue, but a silent war between nations, occurring within the crypto industry.
Risk warning: The cryptocurrency market always carries high risks, not only from price volatility but also from cybersecurity threats. Protect your assets by thoroughly verifying the identity of partners, using cold wallets, and never sharing private keys or seed phrases. Crypto investment is not for everyone and requires understanding and high vigilance.