Fireblocks uncovers North Korea-linked job scam targeting crypto developers

Fireblocks says a North Korea–linked impersonation scam targeted LinkedIn profiles by mimicking the company's hiring process. The operation staged fake Google Meet interviews and distributed take-home tasks via GitHub to recruit engineers with privileged access, potentially exposing wallets and production systems. The case underscores how onboarding channels can be weaponized against crypto firms.

Key Takeaways

  • The attackers operated nearly a dozen fake profiles that continuously changed their brand identity and likely worked for years.
  • Fake Google Meet interviews and GitHub-hosted take-home tasks were used to recruit engineers with privileged access.
  • Malware was installed during the interview steps, potentially exposing wallets, keys, and production systems.
  • Fireblocks collaborated with LinkedIn and law enforcement to remove the profiles; LinkedIn says over 99% of fake accounts are proactively detected and removed.
  • The Lazarus Group is tied to prior crypto heists, including the 2017 $200 million South Korea exchange hacks.

People Involved

  • Michael Shaulov: CEO, Fireblocks

Entities Involved

  • Fireblocks: Digital asset custody platform
  • LinkedIn: Professional networking site
  • Lazarus Group: North Korea state-backed hacking group
  • Bybit: Crypto exchange
  • Elliptic: Blockchain analytics firm
  • Google LLC: Provider of Google Meet
  • GitHub, Inc.: Code-hosting platform

MarketMoodz Analysis

Investors should see this as a reminder that the crypto industry's strongest attack surface remains people and processes, not just code. Impersonation tied to recruitment creates insider risk and supply-chain exposure for custodians and exchanges, especially as hackers blend social engineering with legitimate interview rituals. Firms should tighten verification of candidates, extend vendor risk controls, and rehearse incident response around onboarding.

Historically, Lazarus Group has been linked to high-profile crypto heists, including the 2017 $200 million attack on South Korean exchanges, underscoring a long-running pattern of state-backed crypto crime. While some claims (such as a $1.5 billion Bybit incident) lack independent corroboration, the broader trend toward AI-enabled phishing and sophisticated impersonation is clear. Watch regulators' responses, escalations in third-party risk management, and any updates from Fireblocks and peers on onboarding security.
