A North Korean Hacking Group Is Targeting Crypto Startups

Key Takeaways

  • In a report released earlier today, cybersecurity firm Kaspersky says that the hacking group BlueNoroff is primarily targeting crypto startups.
  • The group has used phishing campaigns to make crypto startups install software updates with backdoor access.
  • Though Kaspersky did not say how much cryptocurrency has been stolen, previous reports provide some estimates.

BlueNoroff, a North Korean hacking group, is now primarily targeting crypto startups, according to a report from cybersecurity firm Kaspersky.

BlueNoroff Is Solely Targeting Crypto Startups

The North Korean hacking group known as BlueNoroff is almost exclusively targeting cryptocurrency startups, according to a new report from Kaspersky.

BlueNoroff is a hacking group with ties to the larger cybercrime group Lazarus, which has been known to have strong ties with North Korea in the past. It initially targeted banks and the SWIFT payment network, beginning with an attack on Bangladesh’s Central Bank in 2016.

But now, BlueNoroff has “shifted [its] focus…to solely cryptocurrency businesses” rather than traditional banks, Kaspersky says.

According to the report, the hacking group has historically begun each attack by “stalking and studying successful cryptocurrency startups” through prolonged phishing campaigns involving emails and internal chats.

BlueNoroff has impersonated several existing cryptocurrency businesses including Cardano’s commercial arm, Emurgo, and the New York VC firm Digital Currency Group. It has also impersonated Beenos, Coinsquad, Decrypt Capital, and Coinbig.

Kaspersky noted that those companies were not compromised during the attacks.

Hackers Would Use Backdoors

After gaining the trust of the targeted startup and the members, the hackers would have the company install a modified software update with backdoor access, allowing for further intrusion.

Then, the group would use the backdoor to collect user credentials and monitor user keystrokes. This monitoring of user activity would last “for weeks or months,” Kaspersky says.

BlueNoroff would often exploit CVE-2017-0199 in Microsoft Office, which allows Visual Basic scripts to be executed in Word documents. The group would also replace browser wallet add-ons, such as Metamask, with compromised versions.

These strategies allowed the group to steal company funds as well as “set up a vast monitoring infrastructure” that notified the group of large transactions.
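The tactics described above (a modified software update and a swapped browser wallet add-on) both come down to files on an endpoint silently changing. A basic defensive control against that is a trusted file-hash manifest that is re-verified on a schedule. The script below is an added illustration, not code from the article or from Kaspersky’s report: it builds a SHA-256 manifest of a directory, then reports files that were modified, added or removed. The directory layout, file names and contents are constructed for the demonstration and stand in for a real extension or application folder.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: Path, trusted: dict) -> dict:
    """Compare the current tree with a trusted manifest taken at install time."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in trusted if k in current and current[k] != trusted[k]),
        "added": sorted(k for k in current if k not in trusted),
        "removed": sorted(k for k in trusted if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: a fake wallet add-on folder whose script gets replaced."""
    with tempfile.TemporaryDirectory() as tmp:
        ext = Path(tmp) / "wallet-extension"  # constructed path, not a real product
        ext.mkdir()
        (ext / "manifest.json").write_text(json.dumps({"name": "wallet", "version": "1.0"}))
        (ext / "background.js").write_text("// constructed benign script\n")

        # Baseline taken when the software was installed from a trusted source
        trusted = build_manifest(ext)

        # Simulated tampering: the script is swapped and an extra file appears
        (ext / "background.js").write_text("// constructed modified script\n")
        (ext / "inject.js").write_text("// constructed extra file\n")

        return verify_manifest(ext, trusted)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the trusted manifest should be stored somewhere the endpoint cannot rewrite (a read-only share or a central inventory), otherwise an intruder who can replace the add-on can also refresh the baseline; a legitimate update then means regenerating the manifest from the vendor’s verified package rather than from whatever is on disk.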

How Much Has Been Stolen?

Kaspersky did not state how much had been stolen via these attacks. However, Costin Raiu of Kaspersky previously identified bZx as one target of BlueNoroff’s SnatchCrypto campaign. That exchange saw $55 million stolen from it in November 2021.

The U.S. Treasury has also suggested that BlueNoroff, along with Lazarus and other subgroups, stole $571 million in cryptocurrency from five exchanges between January 2017 and September 2018. BlueNoroff stole over $1.1 billion from financial institutions by 2018, the Treasury said in the same report.

Incidentally, the analytics firm Chainalysis today suggested that North Korean hackers stole $400 million in 2021. However, this report mentioned only Lazarus generally, not BlueNoroff specifically.

Disclosure: At the time of writing, the author of this piece owns BTC, ETH, and other cryptocurrencies.
