The decentralized finance (DeFi) and cryptocurrency industries are being targeted by North Korean social engineering schemes in highly personalized and convincing ways.

Here is an example that the FBI is showcasing:

1. A person from your dream company, using the name of an old colleague, contacts you on social media, mentioning a conference you both recently attended and discussing shared interests.

2. He asks if you’re job hunting and reveals his company needs your skills, offering a significant pay raise. He arranges an interview with his CTO and during the interview, the CTO gives you a “pre-employment” test that involves troubleshooting code from some GitHub repositories you do not recognize.

3. You clone the repositories, execute the code, find the bugs, and pass the test with flying colors.

Congrats — you have fallen for a well-disguised social engineering scheme conducted by North Korean cyber actors. One of those GitHub repositories was malicious and landed a malware dropper on your machine which installed a key logger and acquired your credentials to access your company’s network.

The North Korean attackers gain access and moving laterally, eventually getting access to the seed phrases and security signatures for your company’s cryptocurrency assets. Shortly thereafter all the company’s crypto assets disappear and everything you and your colleagues worked for is gone.

The threat is real.

Check out the full FBI public warning here: https://www.ic3.gov/Media/Y2024/PSA240903