According to Arthur Cheong, founder of DeFiance Capital, North Korean hackers are actively seeking to compromise top crypto organizations. On April 15, he disseminated this information via a tweetstorm, citing research from leading cybersecurity experts. Cheong specifically mentioned a hacker group called BlueNorOff, which is supported by the North Korean government.
According to him, BlueNorOff’s recent social engineering attacks demonstrate that the group has mapped the entire crypto space’s relationship graph. He went on to say that this ability aids the hacker group in the creation of phishing emails that have a high probability of eluding the defenses of most crypto organizations.
Notably, BlueNorOff is not the only North Korean cybercrime organization focusing on the cryptocurrency space. The US Treasury Department recently linked Lazarus, a notorious North Korean hacking group, to the theft of $625 million from the Axie Infinity Ronin bridge.
Cheong collaborated with Jun Hao, a cybersecurity expert, to propose viable solutions for the problem at hand, in order to assist crypto organizations in protecting their operations from North Korean attacks.
Among the solutions proposed by the duo is storing on-chain crypto assets in enterprise-grade custodial solutions. Externally Owned Accounts (EOAs) secured by a hardware wallet, according to Cheong, do not provide adequate protection because attackers can insert a fake MetaMask browser extension and initiate the approval of unintended transactions.
He suggested using multi-signature wallets like Gnosis Safe, which are secured by multiple hardware wallets. Cheong recommends that crypto platforms use custody solutions with multisig two-factor authentication (2FA) for increased security. Examples include Fireblocks, Copper, and Qredo.
Cheong also recommended using 2FA for all sign-ins, bookmarking frequently used crypto dApp websites, revoking unnecessary token approvals, using dedicated computers for crypto transactions, and exercising caution when hiring remote software engineers and developers.
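The risk of unintended approvals and the advice to revoke unnecessary ones both come down to reading what a transaction actually authorizes before it is signed. The following is an added example, not code from Cheong, Jun Hao, or any wallet vendor: it decodes raw calldata for the standard ERC-20/ERC-721 approval functions and flags spenders outside an allowlist and unlimited allowances. The function names, the allowlist, and the sample address and calldata are constructed for illustration.

```python
# Added example; function names and sample values are constructed for illustration.
# Standard ERC-20 / ERC-721 selectors for calls that grant spending rights.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
MAX_UINT256 = 2**256 - 1

def decode_approval(calldata_hex):
    """Return a dict describing an approval call, or None if it is not one."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = APPROVAL_SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) != 128:  # two 32-byte ABI words
        raise ValueError("malformed approval calldata")
    spender_word, value_word = args[:64], args[64:]
    if int(spender_word[:24], 16) != 0:  # address must be left-padded with zeros
        raise ValueError("address argument has non-zero padding")
    return {"function": name,
            "spender": "0x" + spender_word[24:],
            "value": int(value_word, 16)}

def review(calldata_hex, allowed_spenders):
    """List the reasons a signer should stop before approving this transaction."""
    call = decode_approval(calldata_hex)
    if call is None:
        return []
    findings = []
    if call["spender"] not in {s.lower() for s in allowed_spenders}:
        findings.append("spender not on allowlist: " + call["spender"])
    if call["function"] == "setApprovalForAll(address,bool)":
        if call["value"] == 1:
            findings.append("operator rights over every token in the collection")
    elif call["value"] == MAX_UINT256:
        findings.append("unlimited allowance")
    return findings

# Constructed sample: approve(spender, 2**256 - 1) to a made-up address.
SAMPLE_SPENDER = "0x" + "11" * 20
SAMPLE_CALLDATA = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    for finding in review(SAMPLE_CALLDATA, allowed_spenders=[]):
        print(finding)
```

A revocation is the same `approve` call with a value of zero, which this check passes without findings when the spender is on the allowlist.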
This news comes as hackers continue to launch large-scale attacks on DeFi protocols, with Beanstalk Farms being the most recent victim. Yesterday, malicious actors used a flash loan exploit to steal more than $180 million from the protocol.