North Korean hackers deploy deepfake videos to infiltrate the crypto industry

A hacking cell linked to North Korea is escalating its attack campaigns against cryptocurrency industry professionals by using AI-generated videos. The modus operandi reveals a disturbing level of sophistication that exploits interpersonal trust and technological vulnerabilities.

The AI Impersonation Tactic

Hackers operate through compromised accounts on messaging platforms like Telegram, where they conduct deepfake video calls that replicate the appearance of close contacts or trusted colleagues. Martin Kuchař, co-founder of the BTC Prague event, publicly shared how these attackers contacted him using this technique, convincing him to download software supposedly designed to fix audio issues in Zoom video calls.

The trap is particularly effective because the offered plugin maintains a credible facade. Once installed, the malware grants attackers full control of the device without the victim realizing the infiltration. Odaily has documented how these attacks have become more convincing with the evolution of voice cloning and facial video synthesis technology.

Lazarus Group Expands Its Attack Arsenal

Researchers from Huntress and SlowMist have definitively attributed these operations to Lazarus Group (also known as BlueNoroff), a hacking organization backed by the North Korean state. The security firm Huntress noted that the malicious scripts execute multi-stage infections specifically designed for macOS systems, including:

  • Deployment of backdoors for persistent access
  • Keylogging to steal credentials
  • Clipboard content exfiltration
  • Access to private seeds and encrypted wallet keys

The SlowMist security team observed that these attacks show patterns of tactical reuse and target professionals with access to valuable digital assets. The selectivity of targets suggests prior reconnaissance and profiling of potential victims.

The Gap in Digital Identity Verification

With the proliferation of deepfake and voice synthesis tools, how a person looks or sounds on a call can no longer be treated as reliable verification of identity. Videos and photos are becoming attack vectors rather than identity guarantees.

The cryptocurrency industry now needs to implement more robust verification protocols. Experts recommend:

  • Enabling multi-factor authentication on all critical platforms
  • Establishing verified communication channels outside of general platforms
  • Training technical teams in social engineering recognition
  • Keeping operating systems and applications up to date
  • Using behavioral biometric analysis solutions

The sophistication of these hackers demonstrates that constant vigilance is now an essential requirement for any professional in the crypto ecosystem.
