Study: North Korean hackers have stolen $1.6 billion in cryptocurrency this year by using fake job offers to infiltrate cloud systems

PANews reported on August 5th, according to Decrypt. According to research by Google Cloud and the cybersecurity firm Wiz, North Korean hacker groups are infiltrating cloud systems through fake IT job offers, and are estimated to have stolen $1.6 billion worth of cryptocurrency by 2025. The research shows that the hacker team codenamed UNC4899 (also known as TraderTraitor, Jade Sleet, or Slow Pisces) posed as recruiters on social media, tricking employees of targeted companies into running malicious programs. They successfully compromised Google Cloud and AWS systems and hijacked cryptocurrency trading servers. Wiz stated that TraderTraitor represents a type of threat activity, not a specific group. North Korean-backed entities such as the Lazarus Group, APT38, BlueNoroff, and Stardust Chollima are all behind typical TraderTraitor attacks.

This attack model has continued to evolve since 2020: initially using JavaScript to build malicious crypto applications, then introducing open source code exploits in 2023, and focusing on attacks against exchange cloud infrastructure in 2024, including the intrusion that caused $305 million in losses to Japan's DMM Bitcoin. Experts point out that North Korean hackers have pioneered the use of AI to generate phishing emails and malicious scripts, and their attack team may number in the thousands.