North Korea Is Targeting Entire Crypto Space, Top VC Warns

north korea defiance hack cover 768x403 1

Key Takeaways

  • DeFiance Capital founder Arthur Cheong has warned that North Korean-linked hackers are targeting all prominent crypto organizations.
  • He also told Crypto Briefing that he had evidence that the state-sponsored BlueNorOff hacking group was behind the spear-phishing attack that resulted in him losing around $1.7 million worth of NFTs.
  • On Thursday, the U.S. government confirmed that North Korea was also behind the $550 million Ronin Network hack that happened last month.

Share this article

DeFiance Capital founder Arthur Cheong has said that North Korea’s state-sponsored hackers have likely already penetrated all corners of the crypto industry and know precisely the kind of attacks to steal users’ funds.

Cheong Says North Korea Is Targeting Crypto Organizations

Arthur Cheong thinks that North Korea is actively trying to harm the crypto industry.

In a Friday tweet storm, the DeFiance Capital founder said that his research and conversations with leading cyber security experts have led him to believe that North Korea’s state-sponsored cybercrime organization BlueNorOff is “running an organized campaign to target all the prominent organizations in the crypto space.”

Based on the sophistication of their social engineering attacks, Cheong said the group has likely “mapped out” the entire crypto space and knows precisely the kind of phishing emails that would slip through its defenses. “It is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cybercrime organization that is extremely resourceful and sophisticated,” he said. “They might even change the tools and attack pattern in the future.” Cheong later added that he thinks North Korea has access to email addresses for “everyone” in the cryptocurrency industry.


Last month, Cheong himself was a victim of a social engineering attack that resulted in him losing about $1.7 million worth of NFTs. The hackers used a refined “spear phishing” email to deploy malware on his device and extract the seed phrase of his hot wallet. In crypto, a seed phrase give direct access to the private keys of a particular crypto wallet, effectively allowing anyone that has access to the phrase absolute control over the crypto funds stored inside the wallet. Cheong told Crypto Briefing that he had hard evidence corroborated by a cyber security firm that proved the North Korean state-sponsored hacker group BlueNorOff was behind the attack. He also said that the same group was confirmed to have executed several other attacks on high-profile persons, firms, and protocols. 

A January report by the blockchain forensics firm Chainalysis showed that North Korea had stolen over $400 million in cryptocurrencies in 2021 alone. According to the report, the Lazarus Group, led by North Korea’s primary intelligence agency, was behind the $281 million KuCoin and $97 million Liquid cryptocurrency exchange hacks. Moreover, the U.S. Treasury confirmed Thursday that the Lazarus Group was also behind the $550 million Ronin Network bridge hack that happened last month. The attack was the second-largest in crypto history.

In today’s tweet storm, Cheong advised prominent organizations and members of the crypto industry to exercise extra diligence in handling their crypto assets, as North Korea was likely to scale up the intensity of the attacks on the industry. Besides standard security measures, including using multi-signature wallets, enterprise-grade custody solutions, and hardware dedicated exclusively for handling crypto transactions, Cheong said that crypto firms should also be careful when hiring new team members. “We have heard of this case from one of our portfolio companies where applicants for their software engineer role appear to be suspicious in interview, and unable to match up with their profile in their resume,” he said, suggesting that North Korean hackers have tried to infiltrate legitimate cryptocurrency firms.

According to a January report published by cyber security firm Kaspersky, North Korea is known for creating fake companies to develop crypto software that deceives users to install malicious apps that drain their funds. Per the same report, North Korea’s bread-and-butter has been using elaborate social engineering schemes to attack small to mid-sized crypto startups.

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.

Share this article