The FBI has issued a warning about increasingly sophisticated cyberattacks by North Korean criminals targeting the cryptocurrency industry, including firms connected to digital asset exchange-traded funds (ETFs). According to an announcement made on Tuesday, North Korean cybercriminals are now using advanced social engineering techniques to infiltrate the crypto sector, with a particular focus on ETF-related entities.
The FBI revealed that these North Korean actors are employing “difficult-to-detect social engineering campaigns” to deceive employees in the cryptocurrency field, including those involved in decentralized finance (DeFi) and ETFs. The tactics often involve impersonating individuals or making fraudulent job offers to extract sensitive personal information, a method commonly known as phishing.
The agency’s announcement highlighted that North Korean malicious cyber actors have conducted extensive research on targets linked to cryptocurrency ETFs over recent months. This pre-operational research suggests that these actors may soon attempt malicious cyber activities against companies associated with cryptocurrency ETFs or similar financial products.
The FBI cautioned that even individuals with strong cybersecurity knowledge could fall victim to these increasingly sophisticated scams.
The U.S. Securities and Exchange Commission (SEC) approved spot Bitcoin and Ethereum ETFs earlier this year, allowing traditional investors to gain exposure to these cryptocurrencies via stock exchange-traded shares. Before this, crypto futures ETFs were available in the American market. While the FBI’s alert does not name specific cryptocurrencies, Bitcoin ETFs are the most prominent in the U.S., having been traded since January. Ethereum ETFs have been available for just over a month.
North Korean actors, notably the state-sponsored Lazarus Group, are known for targeting crypto companies and protocols. This group has allegedly used mixing tools like Tornado Cash to obscure the origins of stolen funds.
Blockchain data firm Chainalysis reports that Lazarus Group steals hundreds of millions of dollars in cryptocurrency each year by targeting exchanges and other platforms. Notably, the group was linked to the $622 million hack of the Ethereum gaming network Ronin in March 2022.