However, the Hacken team observed hackers using freelance marketplaces like Upwork and Fiverr as well.“Threat actors pose as clients or hiring managers offering well-paid contracts or tests, particularly in the DeFi or security space, which feels credible to devs,” Lubeck added. Hayato Shigekawa, principal solutions architect at Chainalysis, told Cointelegraph that the hackers often create “credible-looking” employee profiles on professional networking websites and match them with resumes that reflect their fake positions. They make all this effort to ultimately gain access to the Web3 company that employs their targeted developer.“After gaining access to the company, the hackers identify vulnerabilities, which ultimately can lead to exploits,” Shigekawa added. Related: Ethical hacker intercepts $2.6M in Morpho Labs exploitBe wary of unsolicited developer gigsHacken’s onchain security researcher Yehor Rudytsia noted that attackers are becoming more creative, imitating bad traders to clean funds and utilizing psychological and technical attack vectors to exploit security gaps. “This makes developer education and operational hygiene just as important as code audits or smart contract protections,” Rudytsia told Cointelegraph. Unal told Cointelegraph that some of the best practices developers can do to avoid falling victim to such attacks include using virtual machines and sandboxes for testing, verifying job offers independently, and not running code from strangers. The security professional added that crypto developers must avoid installing unverified packages and use good endpoint protection. Meanwhile, Lubeck recommended reaching out to official channels to verify recruiter identities.
The scam is reportedly run by a North Korean hacking group known as Slow Pisces, also referred to as Jade Sleet, Pukchong, TraderTraitor and UNC4899. Cybersecurity professionals warn of fraudulent job offers Hakan Unal, senior security operations center lead at security firm Cyvers, told Cointelegraph that the hackers often want to steal developer credentials and access codes.
He said these actors often look for cloud configurations, SSH keys, iCloud Keychain, system and app metadata, and wallet access. Luis Lubeck, service project manager at security firm Hacken, told Cointelegraph that these hackers also try to access API keys or production infrastructure. Lubeck said that the main platform used by these malicious actors is LinkedIn.
or
Share This Story
Article Details
Author / Journalist: Cointelegraph by Ezra Reguerra
The story "North Korean hackers target crypto devs with fake recruitment tests" has 503 words across 22 sentences, which will take approximately 3 - 5 minutes for the average person to read.
Which news outlet covered this story?
The story "North Korean hackers target crypto devs with fake recruitment tests" was covered 3 days ago by Coin Telegraph, a news publisher based in United States.
How trustworthy is 'Coin Telegraph' news outlet?
Coin Telegraph is a fully independent (privately-owned) news outlet established in 2013 that covers mostly crypto news.
The outlet is headquartered in United States and publishes an average of 9 news stories per day.
It's most recent story was published 7 hours ago.
What do people currently think of this news story?
The sentiment for this story is currently Negative, indicating that people regard this as "bad news".
How do I report this news for inaccuracy?
You can report an inaccurate news publication to us via our contact page. Please also include the news #ID number and the URL to this story.
