Fireblocks CEO says North Korea-linked job recruitment scam targeted LinkedIn profiles

Fireblocks, a company specializing in digital asset infrastructure, has successfully disrupted a sophisticated job recruitment scam tied to North Korea that was aimed at digital asset developers. The organization revealed that cybercriminals were using fraudulent job interviews to compromise developers, ultimately gaining unauthorized access to critical cryptocurrency infrastructure. According to Fireblocks, the hackers meticulously mimicked a legitimate hiring process, impersonating recruiters, conducting interviews via Google Meet, and distributing take-home assignments through GitHub. Michael Shaulov, CEO of Fireblocks, explained to CNBC that the attackers were effectively 'weaponizing' an authentic job interview to create a seemingly legitimate interaction with potential candidates. During what appeared to be a routine installation, candidates inadvertently installed malware that could compromise their digital wallets, private keys, and production systems. Shaulov noted that the scammers specifically targeted engineers who held 'privileged access,' based on their LinkedIn profiles. The firm identified nearly a dozen fake accounts that frequently changed their company branding, suggesting that this scam has been operating for several years. Furthermore, Fireblocks was able to engage with the hackers, collecting what they refer to as 'indications of compromise'—essentially, the digital fingerprints of the tools and malware used during these attacks. In collaboration with LinkedIn and law enforcement, Fireblocks worked to eliminate these fraudulent profiles. A LinkedIn spokesperson shared that over 99% of the false accounts are detected proactively, even before users initiate reports. The platform, aimed at professionals, continuously invests in technology to identify harmful activities and has implemented safety measures, such as in-message warnings for conversations that move off-platform and verification badges for recruiters. This revelation follows a significant incident last year when Bybit fell victim to the largest cryptocurrency heist in history, with hackers stealing $1.5 billion in digital assets. Analysts from blockchain analysis firm Elliptic have linked this cyberattack to North Korea's Lazarus Group, a notorious state-sponsored hacking organization known for its extensive thefts from the crypto sector. Shaulov, who has previously investigated the Lazarus Group's 2017 cyberattacks on cryptocurrency exchanges, remarked that the sophistication of these hackers, particularly those associated with North Korea, has advanced rapidly. He recalled a time when their grammar and spelling errors made them easy to identify, stating, 'It was actually quite easy.' Now, he noted, 'it looks like they graduated from [The University of] Oxford,' highlighting the increased sophistication of the tactics employed by these attackers, which have been greatly enhanced by artificial intelligence.