"Done right before our eyes"...North Korean Hackers Infiltrated Conference, Deceived the Entire Industry

▲ North Korea, Circle (USDC)/ChatGPT generated image ©

Hackers supported by the North Korean authorities are attempting to hack by directly attending virtual asset conferences and approaching officials.

On April 9 (local time), Cointelegraph, a media outlet specializing in virtual assets, reported that North Korean hackers were behind the $285 million hacking incident that occurred at the decentralized exchange Drift. They used social engineering techniques through face-to-face contact as well as remote attacks.

The attackers impersonated employees of a quant trading firm. They met Drift team officials at conferences in various countries to build trust. Subsequently, they moved funds through Tornado Cash and issued a fake token called CVT. They inflated the trading volume of the fake token to induce the exchange's oracle to recognize it as a legitimate asset. Using approved multi-signature authority, they withdrew funds on April 1. This incident is the second-largest incident ever on the Solana (SOL) network.

North Korean-linked IT personnel are working as remote developers for Western technology companies under forged identities. According to an investigation by blockchain analyst ZachXBT, they earned over $1 million per month. They passed the recruitment process using forged documents and then transferred funds via Payoneer. The UN Security Council announced that these funds are used for North Korea's weapons development program.

The industry has prepared countermeasures, such as inducing political statements during video interviews. However, hackers are sophisticated their methods, such as remotely controlling devices within the United States. Security experts explained that caution should be exercised regarding methods that circumvent geographical restrictions in a remote work environment. The analysis suggests that security vigilance is required in both face-to-face and non-face-to-face channels.

North Korea's cyber activities pose a security threat to the virtual asset industry. The face-to-face infiltration method confirmed in the Drift incident has been recorded as a new case in the industry. Market participants are seeking countermeasures by simultaneously strengthening human network management and technical security.

*Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*