Strengthening Security Measures in the Crypto Industry: How to Avoid Attacks from North Korean Hackers

The crypto industry must re-evaluate its security strategies to curb the unprecedented thefts by North Korean hackers. In a comment to The Block, Andrew Fierman, head of the national security department at Chainalysis, stressed that international sanctions alone are insufficient.

The expert urged companies to implement rigorous personnel screening procedures, including mandatory video interviews, thorough identity verification, and geolocation monitoring. This approach will help identify North Korean IT specialists who may infiltrate blockchain projects and defense firms using falsified documents to gain access to internal systems.

Fierman emphasized that while it is impossible to eliminate the threat entirely, coordinated efforts among exchanges, analytics firms, and law enforcement can significantly hinder hackers’ operations. Rapid intelligence sharing will restrict attackers’ capacity to quickly liquidate assets.

The focus on preventive measures is linked to a sharp increase in activity by the Lazarus group and other North Korean hackers. In the first half of 2025, they stole over $2.17 billion worth of cryptocurrency, surpassing the totals for all of 2024, according to Chainalysis.

The largest incident involved the hack of the Bybit exchange, where attackers siphoned off $1.5 billion in Ethereum. This was followed by an attack on the South Korean platform Upbit, resulting in a loss of $37 million.

The hackers’ methods have become more aggressive, now targeting supply chains by breaching third-party service providers. To increase their effectiveness and create convincing “digital identities,” the criminals have begun using artificial intelligence.

Money laundering schemes have also grown more complex. Funds are funneled through mixers, OTC brokers, and decentralized exchanges. Hackers employ multiple channels simultaneously, crafting intricate transaction paths to obscure their traces.

Additionally, it is worth remembering that in September, former Binance CEO Changpeng Zhao warned about the threat of “mole employees” from North Korea.