North Korea’s Hackers Use Fake Profiles on Telegram to Target Crypto Community

Blockchain security firm SlowMist’s 6 December update highlights a concerning trend: the Lazarus Group, backed by North Korea, is intensifying its phishing operations within the cryptocurrency community. This shift primarily targets users on Telegram, employing sophisticated tactics to lure unsuspecting victims.

The hackers are now impersonating notable venture capital figures associated with Archax, HashKey, and Gumi Cryptos. They engage in persistent communication, gradually building trust with crypto teams. Once trust is established, victims are coaxed into running malicious scripts disguised as investment opportunities or meetings, leading to phishing attacks.

Alexandre Masmejean, CEO of Showtime, corroborated these warnings, recounting how FBI agents alerted him to Asian cybercriminals masquerading as the Head of HashKey Singapore Group, attempting to install malware on his device. SlowMist’s insights pinpoint the utilisation of Calendly’s feature, embedding deceptive links within event pages, a tactic enabling seamless phishing attempts.

Image Source: Slow Mist’s Medium

SlowMist uncovered the use of a specific IP address,, associated with domains impersonating diverse projects. The deceptive integration of these links heightens the challenge in detecting potential threats. Vigilance and proactive measures are strongly advised to mitigate risks associated with this malicious IP.

Domains found associated with IP address – (Image Source: Slow Mist’s Medium)

The Lazarus Group, reportedly sponsored by North Korea, has a notorious history. They’ve syphoned approximately $3 billion from the cryptocurrency industry in recent years, allegedly funding the country’s weapons program. Notable breaches linked to this group, such as the Ronin bridge exploit, resulted in theft exceeding $600 million.

Chainalysis estimates over $3 billion has been stolen by North Korean hackers within the past five years. South Korean intelligence further supports this, reporting a staggering $1.2 billion theft in BTC and ETH by North Korea in 2022 alone. These incidents underscore the significant threat posed by the Lazarus Group’s cyber operations within the crypto sphere.

The escalating sophistication of Lazarus Group’s tactics demands increased vigilance within the cryptocurrency community. Implementing stringent security measures and ongoing monitoring are crucial to safeguard against these evolving threats. While the involvement of North Korea-backed hackers continues to be a concern, proactive measures and awareness remain essential shields against potential attacks.

* Original content written by Coinlive. Coinbold is licensed to distribute this content by Coinlive.