FBI issues warning on North Korean plans to target US Bitcoin ETFs

The FBI has issued a warning about North Korean hackers increasing their efforts to target U.S. Bitcoin Exchange-Traded Funds (ETFs) through sophisticated social engineering tactics.

These cybercriminals are conducting detailed research on crypto companies and their employees, aiming to steal cryptocurrency.

According to the FBI, North Korean hackers are concentrating on decentralised finance (DeFi) and crypto businesses.

They gather extensive information from social media and job sites to create convincing fake scenarios, such as job offers or investment opportunities tailored to the victims' backgrounds, skills, or interests.

Their objective is to build trust over time by engaging in lengthy conversations to gain the victim's confidence.

Once trust is established, the hackers trick their targets into downloading malware or clicking on malicious links, which grants them unauthorised access to the company’s network.

Impersonation is a favored tactic, with hackers posing as known contacts, such as recruiters or tech executives.

They often use stolen photos and fake profiles to make their impersonations seem authentic.

Some even create fake websites for non-existent companies.

For instance, in October 2023, the U.S. Department of Justice seized 17 domains that North Korea had set up to impersonate legitimate businesses.

To counter these threats, the FBI recommends several security measures.

These include verifying contacts through multiple channels, avoiding storing cryptocurrency wallet information on internet-connected devices, and using a virtual machine for pre-employment tests.

Companies are also advised to implement multi-factor authentication for financial transactions and conduct regular network vulnerability assessments.

If an attack is suspected, the FBI advises companies to disconnect affected devices from the internet—while keeping them powered on to preserve evidence—and to report the incident to the FBI’s Internet Crime Complaint Center with as much detail as possible.

Consulting with law enforcement or private cybersecurity experts is also recommended for further investigation and remediation.