US, Japan, and South Korea warn web3 firms about hiring IT workers from North Korea

In a joint statement, the U.S., Japan, and South Korea highlight the growing threat posed by North Korean cyber actors to the global crypto sector.

The United States, Japan, and South Korea have warned the blockchain industry about North Korean cyberattacks that could destabilize the global financial system. In a joint public statement on Jan. 14, the Japanese government pointed out that groups like the Lazarus Group are targeting exchanges and investors to steal crypto.

The governments highlighted North Korean hackers using social engineering tactics, such as malware like TraderTraitor and AppleJeus, and urged web3 companies to review past advisories to avoid accidentally hiring DPRK IT workers. The countries also encouraged private-public cooperation through initiatives like the Crypto-ISAC in the U.S. and related efforts in Japan and South Korea, per the statement.

In 2024 alone, the DPRK has been linked to thefts worth millions, including a $308 million hack from the Japanese crypto exchange DMM Bitcoin and a $50 million attack on South Korean trading platform Upbit.

At the Cyberwarcon conference in late November 2024, researchers found that several North Korean hackers were posing as remote workers for large companies, including IT workers and recruiters. The study also revealed two hacker groups, Sapphire Sleet and Ruby Sleet, working for North Korea, and stealing $10 million in just six months by posing as recruiters or venture capitalists.