North Korean hackers intensify targeted attacks on crypto industry insiders through AI videos

SerNgmi · 2026-02-05T10:11:54+00:00

Experts observe a dangerous trend: North Korean-linked groups intensify attacks on crypto professionals using deepfake videos and cloned voices. This sophisticated phishing method compromises devices, leading to theft of assets and information. Recommendations for protection include enhanced multi-factor authentication and cautious software installation.

SerNgmi

2026-02-05 10:11:54

Abstract generation in progress

Experts are observing a dangerous trend: groups linked to North Korea are significantly increasing their operations against professionals in the cryptocurrency sector. According to Odaily, by attacking related individuals who have access to assets or confidential information, attackers are using deepfake videos and cloned voices to carry out large-scale scams.

Attack Mechanism: From Video Calls to Device Compromise

The attack vector is quite sophisticated: malicious actors initiate video calls using compromised accounts on Telegram, impersonating trusted contacts of the victim. Martin Kučar, one of the founders of BTC Prague, described a typical scenario: attackers persuade users to install software disguised as a plugin to fix sound issues in Zoom. In reality, this is malicious software that grants attackers full control over the computer.

Huntress’s research showed that this method is a precursor to previous operations aimed at cryptocurrency developers. The malicious scripts demonstrate a complex infrastructure: they can perform multi-level infections on macOS devices, install backdoors for persistent access, record keystrokes, extract clipboard contents, and access encrypted wallet assets.

Lazarus Group Behind These Operations

Experts confidently link this wave of attacks to the state-sponsored hacking group Lazarus Group, also known as BlueNoroff. The head of information security at SlowMist confirmed that these attacks exhibit characteristic signs of systematic re-targeting, which is periodically used in various operations aimed at specific wallets and individuals involved in the cryptocurrency sphere.

Researchers emphasize that the spread of deepfake and voice synthesis technologies radically changes the cybersecurity landscape. Images and videos can no longer be considered sufficient means for identity verification. This presents an existential challenge to the security of the crypto industry.

Protective Measures and Recommendations

Crypto professionals and organizations are advised to strengthen multi-factor authentication, especially in the context of video calls. Additional verification procedures should be implemented for software installation, verified communication channels should be used, and the installation of third-party plugins should be avoided. For related individuals managing digital assets, minimizing the attack surface should be a priority.

The increasing risk of synthetic media requires a comprehensive approach: from technical measures to human factors and cybersecurity culture.

BTC-1,16%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.