BTC
$94,761.16
+
2.23%
ETH
$1,785.35
+
1.80%
USDT
$1.0004
+
0.04%
XRP
$2.1999
+
1.58%
BNB
$605.98
+
1.55%
SOL
$154.15
+
4.29%
USDC
$0.9999
+
0.02%
DOGE
$0.1822
+
5.09%
ADA
$0.7196
+
3.91%
TRX
$0.2439
–
0.39%
SUI
$3.6705
+
22.18%
LINK
$15.05
+
4.22%
AVAX
$22.57
+
2.15%
XLM
$0.2839
+
5.54%
LEO
$9.1254
–
1.06%
HBAR
$0.1988
+
9.99%
SHIB
$0.0₄1409
+
7.28%
TON
$3.2196
+
3.53%
BCH
$381.72
+
9.77%
LTC
$86.39
+
6.26%
By Shaurya Malwa|Edited by Parikshit Mishra
Updated Apr 25, 2025, 10:25 a.m. Published Apr 25, 2025, 7:15 a.m.
- North Korean hackers established fake companies in the U.S. to target crypto developers, according to security firm Silent Push.
- The operation involved creating fictitious businesses, Blocknovas and Softglide, linked to the Lazarus Group.
- The FBI seized the Blocknovas domain, citing its use in distributing malware through fake job postings.
North Korean hackers posing as American tech entrepreneurs quietly registered companies in New York and New Mexico as part of a campaign to compromise developers in the crypto industry, security firm Silent Push said Thursday.
Two businesses, Blocknovas and Softglide, were created using fictitious identities and addresses. The operation is tied to a subgroup within the Lazarus Group.
STORY CONTINUES BELOW
The North Korean-backed hacking unit has stolen billions worth of crypto in the past years using sophisticated techniques and strategies that target unsuspecting individuals or companies.
“This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the US in order to create corporate fronts used to attack unsuspecting job applicants,” said Kasey Best, director of threat intelligence at Silent Push.
The hackers’ playbook is as manipulative as it is effective: use fake LinkedIn-style profiles and job postings to lure crypto developers into interviews. Then, during the recruitment process, they are tricked into downloading malware disguised as job application tools.
Silent Push identified multiple victims of the operation, especially those contacted through Blocknovas, which researchers say was the most active of the three front companies. The firm’s listed address in South Carolina appears to be an empty lot, while Softglide was registered through a tax office in Buffalo, New York.
The firm added that the malware used in the campaign includes at least three virus strains previously tied to North Korean cyber units. These programs can steal data, provide remote access to infected systems, and serve as entry points for additional spyware or ransomware.
The FBI has seized the Blocknovas domain, per Reuters. A notice posted to the site states it was taken down “as part of a law enforcement action against North Korean cyber actors who utilised this domain to deceive individuals with fake job postings and distribute malware.”
Shaurya is the Co-Leader of the CoinDesk tokens and data team in Asia with a focus on crypto derivatives, DeFi, market microstructure, and protocol analysis.
Shaurya holds over $1,000 in BTC, ETH, SOL, AVAX, SUSHI, CRV, NEAR, YFI, YFII, SHIB, DOGE, USDT, USDC, BNB, MANA, MLN, LINK, XMR, ALGO, VET, CAKE, AAVE, COMP, ROOK, TRX, SNX, RUNE, FTM, ZIL, KSM, ENJ, CKB, JOE, GHST, PERP, BTRFLY, OHM, BANANA, ROME, BURGER, SPIRIT, and ORCA.
He provides over $1,000 to liquidity pools on Compound, Curve, SushiSwap, PancakeSwap, BurgerSwap, Orca, AnySwap, SpiritSwap, Rook Protocol, Yearn Finance, Synthetix, Harvest, Redacted Cartel, OlympusDAO, Rome, Trader Joe, and SUN.
