North Korea's state-backed hackers have an “aggressive, relentless” knack for finding and exploiting vulnerabilities, making them more dangerous than other groups, a former FBI agent told Benzinga.
Social Engineering Hacks?
North Korean hackers pose an existential threat to cryptocurrency ecosystems, having stolen over $2 billion worth of assets in 2025 alone. Things have worsened in 2026, with April recording the highest number of cryptocurrency hacking incidents on record.
The U.S. government claims that the illegal proceeds from the thefts are used to fund North Korea’s weapons and missile program.
Stephanie Talamantez, who spent more than 20 years with the FBI and now serves as Senior Managing Director at Guidepost Solutions, said that these actors have progressed from simple hacking to sophisticated social engineering techniques.
“A company can put all the guardrails in place possible, but attacks that exploit human psychology can bypass those defenses within moments,” she said.
Talamantez stated that North Korea is running an “aggressive recruitment fraud” in which perpetrators impersonate reputable cryptocurrency companies or headhunters, and that even she was approached in one such attempt on LinkedIn.
It is also worth highlighting the notorious 2022 Ronin Network breach, in which the Lazarus Group stole nearly $620 million after infiltrating the network by posing as a recruiter on LinkedIn.
But these bad actors have also weaponized people's trust in other ways.
‘Taking Their Time’ To Select High-Value Targets
Ronghui Gu, co-founder and CEO of blockchain security firm CertiK, pointed to Drift Protocol’s $285 million exploit, where attackers spent months posing as a legitimate firm, met targets face-to-face at international conferences and even deposited $1 million of their own money into the platform to build trust.
“This tells us these groups are taking their time to hand-select targets and develop a strategy for infiltration, rather than spraying the market with low-value attacks,” Gu told Benzinga.
Crypto Industry’s Weaknesses
Despite one high-profile breach after another, the cryptocurrency sector has struggled to implement a sustainable, long-term defense.
“I would argue that the industry's biggest structural weakness is coordination,” Gu stated, noting that asset freezes, law enforcement referrals, and analytics tracing often happen across different jurisdictions and compliance standards.
“DPRK actors will exploit that fragmentation because just one weak intermediary can keep the laundering chain alive,” the CertiK CEO added.
However, Talamantez pointed to a different problem: the silence of the victims.
“Organizations often hesitate to disclose that they have been targeted or successfully compromised, which limits the broader sharing of threat intelligence,” the former FBI agent said. “As a result, other companies may remain unaware of active attack patterns.”
The Way Ahead
Gu believes that management teams need more security processes in place for transaction authorization, infrastructure protection and internal security awareness.
“Projects should use formal verification to rigorously validate the logical correctness of underlying protocols and eliminate hidden vulnerabilities before deployment,” he recommended.
Talamantez highlighted solutions such as smart contract analysis tools that execute “simulated transactions” beforehand to identify any malicious alterations.
She also emphasized the importance of human risk awareness, urging companies to train employees on what warning signs to watch for.
Photo Courtesy: Stephanie A. Talamantez