North Korean hackers are leveraging blockchains such as BNB and Ethereum to host cryptocurrency-stealing malware, according to Google security researchers.
Since February, the North Korean hacking group UNC5342 has incorporated “EtherHiding” into a social engineering scheme targeting developers in the cryptocurrency and tech sectors to steal sensitive data and cryptocurrencies, Google researchers said on Oct. 16.
EtherHiding uses smart contracts on public blockchains such as BNB and Ethereum to store and deploy malware. Threat actors have used the technique since at least 2023. However, the recent use of the method by UNC5342 marks the first time a state actor has used it, Google said.
There are several reasons for hackers to use this technique. The decentralized nature of the blockchain makes this malware more resilient to traditional takedown and blocking techniques. At the same time, the pseudonymous nature of blockchain technology makes it more challenging to identify the attackers. Hackers can also make their activities more difficult to track by using read-only call functions that do not register as transactions on the blockchain.
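As an added example (not from Google's report or the original article): because read-only calls leave no transaction on chain, the retrieval step is visible only on the network or endpoint side, and the Python below counts such calls in egress-proxy records by source host, process and contract address. It assumes a constructed JSON-lines log format with decrypted request bodies, a hypothetical process allowlist, and made-up hosts and addresses; `eth_call` is the standard read-only Ethereum JSON-RPC method.

```python
import json

READ_ONLY_METHODS = {"eth_call"}    # read-only JSON-RPC call: leaves no transaction on chain
ALLOWED_PROCESSES = {"wallet-app"}  # assumption: processes expected to query RPC nodes

def _call(to, rpc_id=1, method="eth_call"):
    """Build a JSON-RPC request (only used to construct the sample log)."""
    return {"jsonrpc": "2.0", "id": rpc_id, "method": method,
            "params": [{"to": to, "data": "0x00000000"}, "latest"]}

def _line(src, process, dest, body):  # one constructed proxy record; body = HTTP request body
    body = body if isinstance(body, str) else json.dumps(body)
    return json.dumps({"src": src, "process": process, "dest": dest, "body": body})

ADDR_A, ADDR_B = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_LOG = [  # constructed sample: hosts, processes and contract addresses are made up
    _line("dev-laptop-07", "node", "rpc.example.org", _call(ADDR_A)),
    _line("dev-laptop-07", "node", "rpc.example.org",
          [_call(ADDR_A, 1), _call(ADDR_B, 2)]),                         # batch request
    _line("fin-ws-02", "wallet-app", "rpc.example.org", _call(ADDR_B)),  # allowlisted
    _line("dev-laptop-09", "python", "rpc.example.org",
          _call(ADDR_A, method="eth_blockNumber")),                      # not a contract read
    _line("build-01", "curl", "api.example.com", "not json at all"),     # unrelated traffic
]

def find_contract_reads(lines, allowed=ALLOWED_PROCESSES):
    """Count read-only contract calls per (src, process, contract) from unexpected processes."""
    hits = {}
    for raw in lines:
        try:
            rec = json.loads(raw)
            body = json.loads(rec["body"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed record or non-JSON body
        if rec.get("process") in allowed:
            continue
        for req in body if isinstance(body, list) else [body]:
            if not isinstance(req, dict) or req.get("method") not in READ_ONLY_METHODS:
                continue
            params = req.get("params")
            first = params[0] if isinstance(params, list) and params else None
            to = first.get("to") if isinstance(first, dict) else None
            key = (rec.get("src"), rec.get("process"), str(to).lower())
            hits[key] = hits.get(key, 0) + 1
    return hits

if __name__ == "__main__":
    for (src, proc, to), n in sorted(find_contract_reads(SAMPLE_LOG).items()):
        print(f"{src} [{proc}] eth_call -> {to} x{n}")
```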
“EtherHiding represents a shift toward next-generation bulletproof hosting, where the inherent features of blockchain technology are repurposed for malicious ends,” Google’s researchers said.
North Korea has increasingly leveraged cyberattacks for espionage and to fund its nuclear weapons program, according to intelligence agencies. The cryptocurrency industry has become a prime target due to the ease of moving assets without intermediaries.
So far this year alone, North Korean state actors have stolen more than $2 billion in cryptocurrencies, according to blockchain analytics company Elliptic. The bulk of that came from the $1.4 billion Bybit hack in February.
The exploits allegedly carried out by North Korean state actors often rely heavily on social engineering. UNC5342, for example, targets developers with bogus job openings, sometimes going so far as to create fake companies to do so, Google researchers said.


