Lazarus hackers from North Korea have launched fake crypto firms in the US to distribute malware
The attacks target blockchain developers looking for a new job
25.04.2025 - 13:25
What’s new? North Korean hackers from the Lazarus group have created three front companies to attack crypto developers with malware, analysts at information security firm Silent Push said. Two of them, BlockNovas and SoftGlide, are registered in the states of New Mexico and New York, while the third, Angeloper Agency, is registered outside the United States.
What else is known? The front companies are designed to spread malware through fake job interviews with blockchain developers. The malware allows Lazarus to break into crypto wallets and obtain credentials, which are then used to attack the projects that employ the developers who applied for the fake positions.
According to the researchers, the criminals used fake addresses and AI-generated identities to set up the companies.
For Lazarus, which has ties to the DPRK government and funnels stolen crypto assets to fund a weapons program, this tactic is not new. The most high-profile incident was the $625 million hack of the Ronin Bridge cross-chain protocol of the Axie Infinity game in 2021.
In that case, hackers used a fake job posting to take over the data of an employee of developer Sky Mavis and withdrew ETH coins and USDC stablecoins. Before the Bybit crypto exchange hack in February this year, this incident was the largest hack in the history of the crypto industry.
Another similar incident was the $100 million hack of Project Harmony’s Horizon Bridge protocol in 2022.
The UN and blockchain analysts at Chainalysis estimate that Lazarus has stolen more than $3 billion in cryptocurrency since 2017, with much of the damage coming specifically from attacks related to fake job postings.