
North Korea’s latest crypto hack reveals Web3’s security weakness: pro

Jayson Derrick

Oak Security’s Jan Philipp Fritsche says Web3 needs to stop ignoring basic OPSEC hygiene, especially as state-sponsored threats rise.

As North Korea’s “ClickFake” campaign draws renewed attention to cyberattacks on crypto firms, security experts say Web3’s biggest vulnerability isn’t smart contracts — it’s people.

Jan Philipp Fritsche, Managing Director at Oak Security, argued in a note to crypto.news that most blockchain projects lack even the most basic operational security standards.

Fritsche, a former European Central Bank analyst who now advises and audits protocols, says the real risk lies in how teams manage devices, permissions, and production access.

“The ClickFake campaign shows just how easily teams can be compromised,” Fritsche said in a note. “Web3 projects have to assume that most of your employees are exposed to cyber threats outside their work environment.”

North Korea’s campaign

For background, North Korea’s Lazarus Group is using a cyber campaign called “ClickFake Interview” targeting cryptocurrency professionals. The group posed as recruiters on LinkedIn and X, luring victims into fake interviews to distribute malware. 

The malware, named “ClickFix,” gave attackers remote access to steal sensitive data like crypto wallet credentials. Researchers said Lazarus used realistic documents and full interview conversations to enhance credibility.

Most DAOs and early-stage teams still rely on personal devices — often used for both development and Discord chatting — which leaves them exposed to nation-state level attackers. Unlike traditional enterprises, many DAOs have no way to enforce security standards.

“There’s no way to enforce security hygiene,” Fritsche said. “Too many teams, especially smaller ones, ignore this and hope for the best.”

Fritsche says even the assumption that a device is clean may be flawed. For high-value projects, that means developers should never have the ability to push changes to production unilaterally. 

“Company-issued devices with limited privileges are a good start,” Fritsche said. “But you also need fail-safes—no single user should have that kind of control.”

The lesson from traditional finance? Every risk is assumed to be real until proven otherwise. 

“In TradFi, you need a keycard just to check your inbox,” Fritsche said. “That standard exists for a reason. Web3 needs to catch up.”