North Korean hackers are ramping up the scale of attacks on the crypto industry using AI deepfakes

Cybercriminals operating under North Korean control are expanding their attack front against cryptocurrency industry professionals, employing advanced artificial intelligence technologies to create convincing video deepfakes. Hacker groups are using a new arsenal of tools to infiltrate trusted individuals’ systems within the crypto industry.

According to information from reputable sources, including reports from Odaily, malicious actors initiate video calls from infected Telegram accounts, impersonating acquaintances or authoritative figures. BTC Prague project director Martin Kuhar described a common scheme: users are prompted to install a supposedly necessary plugin to fix sound issues in Zoom. In reality, this is malicious software that gives attackers full control over the device and access to all data stored on it.

Analysis of Attack Methods and the Role of Deepfake Technologies

Cybersecurity firm Huntress has established that the methods used closely correlate with previous operations targeting developers of cryptocurrency projects. Malicious scripts demonstrate a multi-layered architecture for infecting macOS operating systems. In addition to typical data theft functions, they are capable of implanting persistent backdoors into the system, logging keystrokes, intercepting clipboard data, and gaining access to encrypted assets in digital wallets.

Information security experts from SlowMist, known for their contributions to blockchain ecosystem protection, are confident that coordinated attacks originate from the international hacker organization Lazarus Group (also known as BlueNoroff), supported by the North Korean government. The pattern of operations indicates systematic reuse of tools for targeting specific wallets and crypto industry professionals.

Threat to Authenticity: Why Deepfakes Complicate Identification

With the rapid development of voice and video synthesis technologies, visual methods of identity verification are losing reliability. Traditional approaches to verifying authenticity are becoming ineffective. Cybersecurity experts warn that the industry must adapt to these new realities and urgently improve information security procedures.

Protection Strategy for Crypto Professionals

In response to the growing threats from hackers, crypto industry professionals are advised to immediately implement multi-factor authentication on all critical services. Caution should be exercised when receiving video calls from unfamiliar individuals, even if they claim to be acquaintances. Software installation should only be performed through official distribution channels, and systems must be protected with up-to-date antivirus solutions. Cryptocurrency companies and individual professionals must remain on high alert, constantly monitoring the security of their devices and accounts as hackers employ increasingly sophisticated attack methods.