North Korea Hackers Shift to Social Engineering, Forcing Crypto Firms to Unite

North Korea–Linked Actors Pivot to Social Engineering, Ripple Reports

Hackers believed to be connected to North Korea are increasingly using social engineering tactics, prompting cryptocurrency companies to improve information sharing and strengthen their security measures.

As cyberattacks become more common, cryptocurrency companies are changing their security strategies to focus on protecting people, not just fixing software bugs. Recent attacks prove hackers are increasingly using tricks and manipulation to target individuals. Companies in the industry are starting to share information about threats to react faster, and new evidence suggests that some attacks are linked to state-sponsored groups.

Ripple Expands Threat Data Sharing as Attackers Target People Over Protocols

Ripple is now providing the wider cryptocurrency industry with information about potential threats from hackers linked to North Korea. This is being done through Crypto ISAC, a group that helps coordinate security across the industry. The information shared includes things like risky website addresses, digital wallet IDs, and other clues related to previous hacking attempts.

This development comes after a $280 million security incident at Drift, which revealed a new type of attack. Unlike previous hacks that targeted the underlying code, attackers tricked individuals involved with the project into giving them access to their devices. This represents a growing trend of attackers focusing on manipulating people – a tactic known as social engineering – instead of directly exploiting software vulnerabilities.

Christina Spring, who leads growth at Crypto ISAC, says cyber threats are becoming more complicated. She explains that both cryptocurrency companies and traditional banks are experiencing the same kinds of attacks. Often, attackers are able to get inside organizations by tricking employees and then operating from within.

Ripple explains that cyber attackers often try multiple targets in quick succession if their first attempt fails. By sharing information about these threats, companies can respond immediately instead of having to investigate from the beginning. This faster response helps minimize harm to everyone involved.

Lazarus-Linked Activity Drives Spike in Crypto Losses as Firms Strengthen Data Sharing

A recently released API from Crypto ISAC is making it easier for organizations to share security data. Companies like Coinbase and Ripple are already using the system, incorporating it into how they handle security internally. According to Erin Plante, Ripple’s head of brand security, this new system works well with their current security practices.

Plante explained that as one of the first companies to use the system, they’ve been collaborating with Crypto ISAC to integrate new data feeds smoothly into their existing processes.

Recent data from TRM Labs reveals a significant surge in cyber activity linked to North Korea. In 2020-2021, the country was responsible for less than 10% of all cryptocurrency stolen through hacks, but by 2025, that figure jumped to 64%. Experts believe these attacks are carried out by organized groups supported by the North Korean government.

TRM Labs has connected the $292 million Kelp DAO hack to a hacker known as TraderTraitor, who investigators believe is associated with the Lazarus Group. Both TraderTraitor and the Lazarus Group are known for using both computer hacking and manipulation to carry out their attacks.

North Korean officials have denied allegations of involvement in cybercrime. A Foreign Ministry spokesperson called the accusations politically driven and without evidence. However, data from the cybersecurity industry continues to suggest that groups connected to the North Korean government are increasingly involved in crimes related to cryptocurrency.

2026-05-05 20:17