North Korean Hackers Target Crypto Investors with VC Impersonation Scam: Kaspersky Report

North Korean Hackers Impersonating Crypto VCs in New Phishing Scam

BlueNoroff, a subgroup of North Korean state-sponsored hacking group Lazarus, is impersonating venture capitalists (VCs) in a new phishing scheme targeting cryptocurrency start-ups.

BlueNoroff has created over 70 fake domains posing as VC firms and banks, with most pretending to be Japanese companies and others assuming the identity of US and Vietnamese firms.

Posing as these VCs, the group then uses malware to target start-ups working in smart contracts, DeFi, blockchain and fintech.

The group is also using software to bypass Microsoft’s Mark-of-the-Web technology, which warns users when they open files downloaded from the internet.

BlueNoroff’s goal is to intercept large cryptocurrency transfers by changing the recipient’s address and draining the account in a single transaction.

North Korean hackers have stolen an estimated KRW 1.5tn ($1.2bn) in crypto assets since 2017, with KRW 800bn ($626m) stolen so far this year.


Roland is a Public Relations & Communications guru with an immense passion for the blockchain and crypto industry. A fusion of his expertise and passion led to the dawn of Optimisus in 2020.