North Korean hackers target huge crypto exchange — are user funds safe?

North Korean hackers are attempting to lure in cryptocurrency experts via bogus job offers for crypto exchange platform Coinbase.

As reported by Bleeping Computer, a campaign orchestrated by the well-known North Korean Lazarus hacking group has been uncovered, and its targets are people working in the increasingly popular fintech (financial technology) industry.

In what is clearly part of a social engineering attack, the hacking group engages in conversation with targets through LinkedIn, which ultimately culminates in a job offer being presented to the potential victim.

Coinbase is a leading cryptocurrency exchange company, so, at face value, many who are not aware of the attack will naturally be interested in adding it to their resumes. However, if the attack were to succeed, the consequences could include untold numbers of crypto wallets being seized and stolen.

Hossein Jazi, who works as a security researcher at internet security firm Malwarebytes and has been analyzing Lazarus since February 2022, said individuals from the cybergang are masquerading as employees from Coinbase. The scam attracts potential victims by approaching them to fill the role of “Engineering Manager, Product Security.”

If that individual falls for the fake job offer, then they’ll eventually be given instructions to download a PDF explaining the job in full. However, the file itself is actually a malicious executable utilizing a PDF icon to trick people.

The file itself is called “Coinbase_online_careers_2022_07.exe,” which seems innocent enough if you didn’t know any better. But while it opens a fake PDF document created by the threat actors, it also loads malicious DLL code onto the target’s system.
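A triage check for the lure described above, as an added example that is not from the original article or from the researchers it cites: it decides from file content, not from the name or icon, whether something received as a "job description" is really a Windows executable. The function names, verdict strings and sample bytes are constructed for illustration.

```python
import os
import struct

DOC_EXTS = {".pdf", ".doc", ".docx"}

def sniff(data):
    """Return 'pdf', 'pe' or 'other' from content alone, ignoring the file name."""
    if data[:5] == b"%PDF-":
        return "pdf"
    # A PE file starts with a DOS header ('MZ'); the 4-byte field at 0x3C
    # (e_lfanew) holds the offset of the 'PE\0\0' signature.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    return "other"

def triage(name, data):
    """Verdict for a file that arrived through a channel where a document is expected."""
    if sniff(data) != "pe":
        return "allow"
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    if ext in DOC_EXTS:
        return "block: PE content under a document extension"
    if inner_ext in DOC_EXTS:
        return "block: double extension hides an executable"
    # Matches the lure in the article: a plain .exe whose only disguise is a
    # PDF icon, which no name-based rule can see.
    return "block: executable received where a document was expected"

# Constructed sample inputs: a minimal header that satisfies the PE check,
# and the first bytes of a PDF. Neither is a real captured file.
PE_STUB = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40) + b"PE\x00\x00"
PDF_STUB = b"%PDF-1.7\n% constructed sample\n"

SAMPLES = [
    ("Coinbase_online_careers_2022_07.exe", PE_STUB),
    ("job_description.pdf", PDF_STUB),
    ("offer.pdf.exe", PE_STUB),
    ("offer.pdf", PE_STUB),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:40} {triage(name, data)}")
```
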

A fake job offer for Coinbase in the form of a PDF.
Bleeping Computer/@h2jazi

After it’s successfully deployed onto the system, the malware will then make use of GitHub as a central command center in order to receive commands, after which it has free rein to carry out attacks on devices that have been breached.

U.S. intelligence services have previously issued warnings about Lazarus distributing cryptocurrency wallets and investment apps infected with trojans, effectively allowing the group to steal private keys.

And the group’s efforts have been lucrative, to say the least — the FBI found that it had stolen cryptocurrency with a value of over $617 million at the time.

This particular attack, which is connected to a blockchain-based game, materialized due to another deceptive PDF file, which was sent as a job offer to one of the blockchain’s engineers. Once the file was opened, the individual’s system was infected, subsequently paving the way for Lazarus to locate a security flaw and take advantage of it in a big way.

In any case, the prospect is a scary one: opening a single PDF file leading to the entire network being compromised. In the case of Coinbase, which handles billions of dollars in crypto transactions, one can only imagine what the outcome and financial ramifications would be if Lazarus indeed manages to find a way in.

For the time being, if you’re approached by Coinbase in any capacity, it might be a good idea to be cautious of opening any files.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…