
North Korea’s Lazarus Group Uses Crypto Payments to Infiltrate Firms

North Korea’s Lazarus Group has devised a new way to infiltrate cryptocurrency firms—by sending digital assets to their targets in an elaborate social engineering scheme designed to build trust before launching an attack.

A security researcher known as 23pds, the Chief Information Security Officer (CISO) at Web3 security firm SlowMist, explained that this method involves sending cryptocurrency to potential victims to appear credible. In one known case, an individual received $400 in USDT, though some payments reportedly reach thousands of dollars.

The hackers use these financial transactions to establish legitimacy, increasing the chances that their targets will unknowingly cooperate. By engaging with employees at crypto companies, they create a sense of trust before introducing harmful code through private GitHub repositories or live chat platforms. Once victims execute the compromised software, the attackers gain unauthorized access to internal systems.


Unlike traditional cyberattacks that exploit software vulnerabilities, this strategy preys on human psychology, making employees the weakest link in security defenses. 23pds urged firms to strengthen internal protocols and train their staff to recognize these deceptive tactics, emphasizing the need for heightened awareness.

The resurgence of Lazarus Group’s operations signals a growing security threat for the crypto industry. North Korean-backed cybercriminals were responsible for stealing $1.34 billion in 2024—more than double the amount attributed to them the previous year. However, their activity declined following a high-profile summit between Russian President Vladimir Putin and North Korean leader Kim Jong Un in mid-2024, raising questions about their future operations.

Author
Alexander Stefanov - Editor-in-Chief at Coinspress