Analysis: North Korean hackers have stolen $1.6 billion in cryptocurrency this year by tricking systems into running malicious programs

MarsBit
08-05
This article is machine translated
According to a report by Decrypt, based on research from Google Cloud and cybersecurity company Wiz, North Korean hackers are infiltrating cloud systems through fake IT job offers, with an estimated $1.6 billion in cryptocurrency stolen in 2025. The research shows that the hacker group codenamed UNC4899 (also known as TraderTraitor, Jade Sleet, or Slow Pisces) impersonates recruiters on social media and tricks employees of target companies into running malicious programs. Through this approach the group has successfully infiltrated Google Cloud and AWS systems and hijacked cryptocurrency trading hosts. Wiz states that TraderTraitor represents a type of threat activity rather than a specific group, with North Korea-backed entities such as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima typically behind such attacks. The attack pattern has been evolving since 2020: the actors initially used JavaScript to build malicious crypto applications, introduced exploits of vulnerabilities in open-source code in 2023, and in 2024 focused on attacking the cloud infrastructure of exchanges, including the intrusion that caused $305 million in losses for DMM Bitcoin in Japan. Experts note that North Korean hackers are pioneering the use of AI technology to generate phishing emails and malicious scripts, and that their attack teams potentially number in the thousands.
