FBI Alerts: North Korean Cybercriminals Targeting Bitcoin ETF Firms with Sophisticated Scams

North Korean Cybercriminals on the Rise

The FBI has issued a warning that North Korean cybercriminals are enhancing their tactics to steal cryptocurrency, especially targeting employees linked to digital asset exchange-traded funds (ETFs).

In an announcement on Tuesday, the FBI highlighted the sophisticated social engineering campaigns being conducted against individuals in the crypto sector, including those involved in decentralized finance (DeFi) and ETF markets. These scams often involve impersonation or fake job offers to extract sensitive personal information.

Targeting Cryptocurrency ETFs

The FBI's announcement indicated that North Korean malicious actors have been conducting research on various targets related to cryptocurrency ETFs over the past few months. This research includes preparations suggesting that these actors may attempt cybercrimes against companies associated with cryptocurrency ETFs or other financial products linked to digital assets.

Even those with strong cybersecurity knowledge may fall victim to these increasingly sophisticated scams.

Background on North Korean Cyber Activities

The U.S. Securities and Exchange Commission (SEC) recently approved spot Bitcoin and Ethereum ETFs, allowing traditional investors to invest via traded shares. While the FBI did not name specific cryptocurrencies, Bitcoin ETFs are the most prominent in the U.S., having been available since January.

North Korean cybercriminals, particularly the Lazarus Group, frequently target cryptocurrency companies. They have been known to use tools like Tornado Cash to obscure the origins of stolen funds, with reports indicating that they steal hundreds of millions of dollars annually.

In March 2022, the group allegedly stole $622 million from the Ethereum gaming network Ronin.

This alert underscores the ongoing threat posed by state-sponsored cyber actors in the cryptocurrency space.