Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
North Korean hackers have secured positions at a minimum of 40 cryptocurrency firms, according to MetaMask., 2026/04/06 17:32:45
North Korean experts have been infiltrating cryptocurrency firms and decentralized finance (DeFi) projects for a minimum of seven years, with many aiming to breach platforms, according to MetaMask security specialist Taylor Monahan.
The expert noted that over 40 major crypto platforms, including well-known ones, have at some point employed North Korean developers. North Korean IT professionals possess substantial experience in blockchain technology, making it challenging for cryptocurrency companies to identify potential risks, Monahan pointed out. He added that this issue is also linked to the remote working model adopted by most platforms.
Blockchain researcher ZachXBT responded to a tweet from the MetaMask representative, stating that the tactics employed by North Korean criminals are quite straightforward: they widely respond to job postings, send inquiries via LinkedIn, conduct Zoom calls, and participate in interviews. An anonymous crypto detective highlighted their notable characteristic — persistence.
Recently, North Korean hackers from the notorious Lazarus group have begun recruiting citizens from other countries, shared Titan Exchange founder Tim Ahhl. Previously, his team interviewed a candidate who turned out to be hired by Lazarus — his name appeared in a leak concerning the group. Ahhl mentioned that the candidate conducted video calls and was highly qualified but declined to meet in person.
Related Posts
The Bitrefill platform, which was attacked on March 1, suffered due to an employed Lazarus hacker. The group exploited an old employee password to gain access to a copy of confidential production data. Subsequently, Lazarus infiltrated databases and cryptocurrency wallets, stealing funds and data from 18,500 users.
North Korean hackers are also linked to the $280 million breach of the Drift protocol. An investigation into the incident revealed that compromised signatures were obtained through a six-month phishing scheme, the protocol reported. Drift representatives met a group of individuals at a major crypto conference who introduced themselves as employees of a trading firm interested in partnering with the protocol. These specialists had impressive resumes with extensive experience, interacted with several project participants, conducted numerous working sessions, asked detailed and knowledgeable questions about the product, and contributed over $1 million of their own capital, according to Drift.
Estimates suggest that since 2017, Lazarus has stolen cryptocurrency worth approximately $7 billion. According to various investigations, North Korean hackers primarily operate on behalf of the state and are responsible for augmenting the North Korean government’s budget with assets of significant value.
Among the largest attacks attributed to Lazarus are the 2022 hack of Ronin Bridge, resulting in a theft of $625 million, a data leak on the WazirX platform in 2024 with damages of $235 million, and a theft on the Bybit exchange in 2025, where criminals withdrew $1.4 billion.
