By: Isha Das
A recent series of cybersecurity breaches has shone a spotlight on North Korean operations targeting the cryptocurrency industry. Reports have revealed the infiltration of dormant repositories and the deployment of sophisticated malware specifically aimed at crypto workers. Most notably, a North Korean developer gained unauthorized access to Waves Protocol's Keeper-Wallet repository, where suspicious code was inserted to potentially harvest users' credentials. This incident emphasizes vulnerabilities in software supply chains that North Korean actors have been exploiting with increasing frequency.
The Waves Keeper-Wallet incident marks a significant move from isolated digital freelancing to direct interference in repository controls. A developer with the pseudonym "AhegaoXXX" managed to subvert typical checks by leveraging dormant accounts, such as that of former Waves engineer Maxim Smolyakov, to introduce and approve credential-stealing updates. By pushing changes under valid account credentials, they secured a direct route to distribute these malicious builds, which included scripts to export sensitive wallet data like mnemonic phrases and private keys to external servers. This breach places any Keeper-Wallet user who updates or installs the affected packages at risk of substantial financial losses.
Parallel to these repository hijackings, North Korean hackers have been conducting targeted malware attacks. Utilizing fake job postings and false recruitment identities from reputable companies like Coinbase and Uniswap, the threat actor group 'Famous Chollima' aims to install a Python-based remote access trojan called 'PylangGhost.' This malware is designed to secretly capture passwords for cryptocurrency wallets and password managers, primarily targeting professionals in India’s burgeoning crypto industry. The attackers employ sophisticated social engineering tactics to propagate these threats, underlining the importance of vigilance and precaution for crypto workers globally.
These coordinated attacks reveal a concerted effort by North Korean operatives to exploit the crypto industry’s supply chains. As advisories suggest, organizations within the crypto sphere must bolster their defenses against such supply-chain risks by reviewing contributor privileges, removing inactive users, and tracking package release activities. Furthermore, regular audits of email domains and an updated security protocol can serve as significant deterrents to potential breaches. This wave of cyber threat activities underscores the urgent need for a more robust and nuanced approach to securing digital assets against state-sponsored cybercriminals.
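The controls the advisories call for above (reviewing contributor privileges, removing inactive users, and tracking package release activity) are easy to describe but rarely automated. The script below is an added illustration of how a maintainer might run such an audit; it is not code from this article, from Waves Protocol, or from any advisory. The record layouts, the 90-day dormancy threshold, the approved-publisher list and all sample data are constructed assumptions for the example, and no registry or hosting API is called. It flags accounts that hold write-or-higher rights on a repository while having been inactive longer than the threshold, and it flags package releases that were published either by an account outside the approved publisher list or by an account that had shown no repository activity in the window before the release, which is exactly the pattern a dormant-account takeover produces.

```python
"""Audit helper: dormant privileged accounts and anomalous package releases.

Record shapes and sample data are constructed for this example (assumption);
they loosely mirror the fields a code-hosting collaborator listing and a
package registry's release log expose, but nothing here talks to a network.
"""
from datetime import datetime, timedelta, timezone

DORMANCY_DAYS = 90                      # assumed policy threshold
WRITE_ROLES = {"write", "maintain", "admin"}

# Constructed sample collaborators: role on the repo and last repo activity
# (commit, review or comment), as ISO-8601 UTC timestamps.
COLLABORATORS = [
    {"login": "active-maintainer", "role": "admin", "last_activity": "2024-05-30T10:00:00Z"},
    {"login": "former-engineer", "role": "write", "last_activity": "2022-11-02T09:12:00Z"},
    {"login": "docs-helper", "role": "read", "last_activity": "2021-01-01T00:00:00Z"},
]

# Constructed sample release log: who published which version, and when.
RELEASES = [
    {"version": "2.3.0", "publisher": "active-maintainer", "time": "2024-05-30T12:00:00Z"},
    {"version": "2.3.1", "publisher": "former-engineer", "time": "2024-06-01T03:15:00Z"},
]

# Assumed allow-list of accounts permitted to cut releases.
APPROVED_PUBLISHERS = {"active-maintainer"}


def parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def dormant_privileged_accounts(collaborators, now, dormancy_days=DORMANCY_DAYS):
    """Logins with write-or-higher rights and no activity within dormancy_days.

    These are the accounts to downgrade or remove: a long-idle account that can
    still push and approve is the foothold an attacker reuses."""
    cutoff = now - timedelta(days=dormancy_days)
    return sorted(
        c["login"]
        for c in collaborators
        if c["role"] in WRITE_ROLES and parse_ts(c["last_activity"]) < cutoff
    )


def suspicious_releases(releases, collaborators, approved, dormancy_days=DORMANCY_DAYS):
    """(version, reason) pairs for releases worth a human look.

    A release is flagged if its publisher is not on the approved list, or if
    the publishing account had no repository activity in the dormancy window
    before the release time (an idle account suddenly shipping a build)."""
    last_seen = {c["login"]: parse_ts(c["last_activity"]) for c in collaborators}
    findings = []
    for rel in releases:
        pub, when = rel["publisher"], parse_ts(rel["time"])
        if pub not in approved:
            findings.append((rel["version"], f"publisher {pub} not on approved list"))
        seen = last_seen.get(pub)
        if seen is None or seen < when - timedelta(days=dormancy_days):
            findings.append((rel["version"], f"publisher {pub} dormant before release"))
    return findings


def run_audit(now_iso: str) -> dict:
    """Run both checks against the sample data as of now_iso; return findings."""
    now = parse_ts(now_iso)
    return {
        "dormant_privileged": dormant_privileged_accounts(COLLABORATORS, now),
        "suspicious_releases": suspicious_releases(RELEASES, COLLABORATORS, APPROVED_PUBLISHERS),
    }


if __name__ == "__main__":
    report = run_audit("2024-06-02T00:00:00Z")
    for login in report["dormant_privileged"]:
        print(f"REVOKE  {login}: privileged but dormant")
    for version, reason in report["suspicious_releases"]:
        print(f"REVIEW  release {version}: {reason}")
```

Run as-is it reports the idle write-capable account and the release it cut, while the read-only idle account is ignored because it cannot push or approve. In practice the two input lists would be fed from the hosting platform's collaborator listing and the registry's release history, and the report would be compared against a release that is expected rather than simply discovered.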