North Korean Hacker Tactics Evolve: Fake Job Offers to Steal Your Crypto

New reports claim North Korean crypto hackers are trying to offer fake jobs as a phishing effort. This dangerous trend represents a few significant evolutions in the criminals’ technique.

Specifically, they attempted a small-scale experiment in India a few months ago, and it was notoriously more clumsy in several aspects. The biggest danger is the same, though: malware buried in phony video conference apps.

North Korean Hackers’ New Techniques

North Korean hackers have been wreaking havoc on the crypto space in 2025, pulling off the greatest heist in crypto history in February and proceeding from there. We already knew these criminals were infiltrating Web3 firms en masse, enabling powerful new hacks.

However, they’re now coming from the other end, too.

According to a report from Reuters, North Korean crypto hackers are increasing their efforts to create fake job offers. Rather than infiltrating Web3 firms to gain security access, they’re targeting individuals already working in the industry. They reach out over social media with phony offers, which frequently contain phishing attempts.

Several months ago, North Korean crypto hackers initiated a similar plan on a much smaller scale. The “Famous Chollima” hacker collective targeted job seekers in India. However, their technique has evolved in several key ways since then.

In both cases, the scam is the same: an interviewee has to download fake video conference software or programming challenge, which contains malware. The dressing, though, became much more sophisticated.

Crypto Workers Beware

In June, these hackers posed as specific Web3 firms like Coinbase or Robinhood, going after targets who were actively looking for a job. Now, however, they pursue more established victims and employ tighter cover stories.

North Korean hackers reach out to successful crypto personalities with attractive job offers, supposedly looking for experienced talent to build a new startup. These targets include founders, executives, programmers, influencers, consultants, and more.

Then, they strike:

“It happens to me all the time, and I’m sure it happens to everybody in this space. It’s scary how far they’ve come,” Carlos Yanez, an executive at Global Ledger, told Reuters. Although he hasn’t been successfully hacked yet, he warned of how good these scams are getting.

Major crypto companies have already proposed controversial countermeasures to deter North Korean hacker infiltration, but this development might foil them. Private firms can educate their employees on the dangers of these scams, but it’s difficult to build protections for every worker.

Additionally, economic troubles in the US are making this scam even more dangerous. The hiring market is notoriously brutal right now, and these North Korean hackers are supposedly looking for crypto talent. Desperate people might not realize what’s happening until it’s too late.

On the bright side, we don’t have any hard data on the success of these scams. One victim anonymously admitted to losing $1,000, but there are many examples of people recognizing the danger in time. They may move on if these hackers can’t net enough actual successes from these crimes.

After all, it doesn’t matter to them whether or not they’re convincing in the early stages. If they can’t steal your money, the whole operation fails. For this reason, crypto users should always stay alert; it might derail the entire strategy.

Source