Study found North Korea posing as IT workers to steal billion dollars

North Korea, which is known for stealing billions of dollars in crypto, has expanded their capabilities by posing as recruiters and IT workers in recent years.

North Korean hackers are now imposed as promising employee candidates for multinational companies, with the aim of earning money and stealing company’s secrets.

Researchers at the Cyberwarcon cybersecurity conference found that there are North Korean hackers who are imposed as remote workers for big companies, including IT workers and recruiters.

The study also found that two hacker groups named Sapphire Sleet and Ruby Sleet did their work for the North Korean regime, using the same scenario and imposed as a potential worker.

Sapphire Sleet is stealing cryptocurrency from individuals and companies by imposing their identity as recruiters or venture capitalists. In this case, they would set up a broken meeting in order to make the victim download a tool to fix it, but in fact, they just download malware. Through this scenario, North Korea has gained $10 million in just six months.

Ruby Sleet acts as an aerospace company that targets industry secrets; it develops weapons and navigation systems through these actions.

The crypto industry lost $1.5 billion due to hacker

Immunefi, a leading bug bounty platform, shared that this year the crypto industry has lost $1.48 billion due to several crypto hackers. In November 2024, there are $71 million, with Thala and Dexx as the major victims.

The decentralized finance firm Thala reported that it lost $26 million after the protocol liquidity was exploited. Thala freezes $11.5 million in assets, including the protocol’s native THL token and the Move Dollar (MOD).

Dexx and Polter Finance have also faced hacker issues and lost around $21 million and $12 million, respectively. DeltaPrime cases on Nov. 11 were also included as major losses this month, with $5 million.