"Caught Red-Handed"...North Korean Hackers Infiltrate Conferences, Deceiving the Entire Industry

▲ North Korea, Circle (USDC)/ChatGPT generated image ©

Hackers supported by the North Korean authorities are attempting to carry out hacks by directly attending virtual asset conferences and approaching relevant officials.

Cointelegraph, a specialized virtual asset media outlet, reported on April 9 (local time) that North Korean hackers were behind the $285 million hacking incident that occurred at the decentralized exchange Drift. They used social engineering techniques through face-to-face contact, in addition to remote attacks.

The attackers impersonated employees of a quant trading firm. They met Drift team officials at conferences in various countries to build trust. Subsequently, they moved funds through Tornado Cash and issued a fake token called CVT. They inflated the trading volume of the fake token to induce the exchange oracle to recognize it as a legitimate asset. Using approved multi-signature authority, they withdrew funds on April 1. This incident is the second-largest in the history of the Solana (SOL) network.

North Korean-affiliated IT personnel are being employed as remote developers in Western technology companies using forged identities. According to an investigation by blockchain analyst ZachXBT, they earned over $1 million per month. They passed the recruitment process using forged documents and then transferred funds via Payoneer. The UN Security Council announced that these funds are used for North Korea's weapons development program.

The industry has prepared countermeasures, such as inducing political statements during video interviews. However, hackers are sophisticated their methods, such as remotely controlling devices within the United States. Security experts explained that caution should be exercised against methods that circumvent geographical restrictions in a remote work environment. The analysis suggests that security vigilance is needed in both face-to-face and non-face-to-face channels.

North Korea's cyber activities pose a security threat to the virtual asset industry. The face-to-face infiltration method confirmed in the Drift incident has been recorded as a new case in the industry. Market participants are looking for countermeasures by simultaneously strengthening human network management and technical security.

*Disclaimer: This article is for investment reference only and is not responsible for investment losses based on it. The content should be interpreted for informational purposes only.*