North Korean Hackers Infiltrate DeFi Projects Through Social Engineering

North Korea's Lazarus Group has been making headlines for its sophisticated cyber attacks on decentralized finance (DeFi) projects. The group has infiltrated multiple DeFi platforms through social engineering and fake developer identities, allowing them to gain access to sensitive information and funds.

Their modus operandi involves posing as skilled developers or IT freelancers and applying for remote roles at crypto firms. They build rapport with the teams over months via Telegram or in-person meetings, gaining their trust before introducing vulnerabilities or deploying malware.

One such case was the Drift Protocol hack, which resulted in losses of about $285 million. The exploit targeted developer tools and compromised sensitive credentials and access keys. Blockchain analytics firms attributed the attack to North Korean-linked actors.

In response to this growing threat, some teams have adopted a simple interview tactic known as the 'Kim Jong Un test.' During interviews, candidates may be asked to criticize North Korea's leader, a question that often reveals their true intentions.