North Korean hackers created fake US companies to target crypto developers: report

Bitget App

Trade smarter

The Block2025/04/24 16:00

By:By Vishal Chawla

Quick Take North Korean hackers created three companies — two of which were U.S.-based — to distribute malware to cryptocurrency developers, according to security researchers at Silent Push. The companies include BlockNovas LLC (New Mexico), SoftGlide LLC (New York) and Angeloper Agency. The campaign was attributed to the APT group “Contagious Interview,” a Lazarus subgroup.

North Korean hackers created fake US companies to target crypto developers: report image 0

North Korean hackers, linked to the Lazarus Group, created three shell companies — two of which were U.S.-based — to target cryptocurrency developers with malware, according to a report by cybersecurity firm Silent Push.

BlockNovas LLC and SoftGlide LLC were registered in the U.S. states of New Mexico and New York, respectively. A third entity, Angeloper Agency, was also linked to the campaign but is not registered in the U.S.

The North Korean APT group Contagious Interview (a subgroup of Lazarus) was behind the campaign, using three fake cryptocurrency companies as fronts for malware distribution.

Domains and subdomains linked to their operations include lianxinxiao[.]com, blocknovas[.]com, and apply-blocknovas[.]site.

The objective of establishing the entities was to deliver malware via fake job interview lures targeting cryptocurrency job seekers, the Silent Push researchers said.

Their operations target cryptocurrency developers with malware, aiming to compromise their crypto wallets and steal credentials to facilitate further attacks on legitimate businesses.

The perpetrators used fake personas and addresses to create these companies, according to researchers. The group used AI-generated employee profiles to give legitimacy to the fake companies, Silent Push researchers said.

The North Korean Lazarus Group, a state-sponsored cybercrime syndicate, has a history of using fake job postings as a vector for distributing malware, particularly targeting cryptocurrency firms to steal funds and sensitive data.

The most infamous case was the 2021 Axie Infinity Ronin Bridge hack, in which a fake job offer compromised a Sky Mavis employee, allowing Lazarus to steal $625 million in ETH and USDC. Another notable hit was the 2022 Horizon Bridge hack, where similar tactics led to a $100 million theft from Harmony’s systems.

Lazarus’s operations have stolen over $3 billion in cryptocurrency since 2017, per U.N. and Chainalysis estimates, with job-based attacks driving a significant portion.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.

APR up to 10%. Always on, always get airdrop.

Lock now!