BlockBeats News, May 5: Ripple announced that it is sharing its internal threat intelligence on North Korean hackers with the rest of the cryptocurrency industry, a move that reframes how the industry approaches North Korea's evolving tactics. In the Drift incident there was no exploit and no smart contract attack. North Korean operators spent months getting close to a Drift contributor, implanted malware on that person's device, and walked away with keys. When $285 million was transferred out, every system meant to detect hacker activity saw nothing anomalous to flag.
That is the version of events described on Monday by Ripple and Crypto ISAC, the cryptocurrency industry's information sharing and analysis center, when they announced that Ripple would share its internal data on North Korean threat actors with the rest of the industry. The DeFi hacking spree of 2022 to 2024 centered on code: attackers exploited smart contract vulnerabilities and drained protocols within minutes. As those defenses tightened, the modus operandi shifted from code to people. Attackers applied for jobs at crypto companies, underwent background checks, showed up on Zoom calls, spent months building trust, and then carried out attacks that traditional security tools could not detect, because by then the attackers were already inside.
Ripple is now giving Crypto ISAC actor profiles that let this pattern be recognized across companies: LinkedIn profiles, email addresses, locations, and contact details. Those linking details let a security team recognize that the candidate it interviewed yesterday is the same actor who failed background checks at three other companies last week. Separately, the Kelp incident, in which $292 million in ETH was stolen, has been publicly attributed to Lazarus Group actors. That puts the combined April losses at Drift and Kelp at over $500 million, both attributed to actors from the same country within a single month.
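The cross-company correlation described above only works if each member normalizes the identifiers before comparing them: an applicant who reuses a Gmail address with a "+tag" and extra dots, a LinkedIn URL with tracking parameters, or a phone number with different punctuation will slip past an exact string match. The script below is an added example, not Ripple's or Crypto ISAC's tooling; the indicator records, member names and applicant details are constructed for illustration, and the field layout is an assumption about what such a shared feed might carry.

```python
"""Correlate a job applicant's contact details against a shared indicator set.

Added example (not from Ripple or Crypto ISAC). Identifiers are normalized so
that trivial variants reused across applications still collide.
"""
import re
from urllib.parse import urlparse

# Providers that ignore dots in the local part (assumption: only these two).
_DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}


def normalize_email(addr: str) -> str:
    """Lower-case, drop '+tag', fold googlemail->gmail and dot-insensitive locals."""
    addr = addr.strip().lower()
    if "@" not in addr:
        return addr
    local, domain = addr.rsplit("@", 1)
    local = local.split("+", 1)[0]
    if domain == "googlemail.com":
        domain = "gmail.com"
    if domain in _DOT_INSENSITIVE:
        local = local.replace(".", "")
    return f"{local}@{domain}"


def normalize_linkedin(url: str) -> str:
    """Reduce a profile URL to its /in/<slug>, dropping host, query and case."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url
    path = urlparse(url).path.lower().rstrip("/")
    m = re.match(r"^/in/([a-z0-9\-_%]+)$", path)
    return m.group(1) if m else path


def normalize_phone(num: str) -> str:
    """Keep digits only; treat a leading 00 as the international prefix."""
    digits = re.sub(r"\D", "", num)
    if digits.startswith("00"):
        digits = digits[2:]
    return digits


# Constructed sample of the kind of "connectivity details" members might share.
# Two members independently reported the same cluster under different handles.
SHARED_INDICATORS = [
    {"actor_id": "cluster-A", "source": "member-1",
     "emails": ["john.doe@gmail.com"],
     "linkedin": ["linkedin.com/in/johndoe-dev"],
     "phones": ["+1 (555) 010-2233"]},
    {"actor_id": "cluster-A", "source": "member-2",
     "emails": ["jdoe.eng@proton.me"], "linkedin": [],
     "phones": ["0015550102233"]},
    {"actor_id": "cluster-B", "source": "member-3",
     "emails": ["alice.w@example.org"],
     "linkedin": ["https://www.linkedin.com/in/alice-w/"], "phones": []},
]

_FIELDS = (("email", "emails", normalize_email),
           ("linkedin", "linkedin", normalize_linkedin),
           ("phone", "phones", normalize_phone))


def _normalized(record: dict) -> dict:
    return {name: {fn(v) for v in record.get(key, [])} for name, key, fn in _FIELDS}


def match_candidate(candidate: dict, indicators=SHARED_INDICATORS) -> dict:
    """Return {actor_id: {field: [reporting members]}} for every indicator hit."""
    cand = _normalized(candidate)
    hits: dict = {}
    for ind in indicators:
        norm = _normalized(ind)
        for field in cand:
            if cand[field] & norm[field]:
                hits.setdefault(ind["actor_id"], {}) \
                    .setdefault(field, []).append(ind["source"])
    return hits


def reporting_members(hits: dict, actor_id: str) -> list:
    """Distinct members whose indicators this applicant collided with."""
    return sorted({s for srcs in hits.get(actor_id, {}).values() for s in srcs})


if __name__ == "__main__":
    # Constructed applicant: same person as cluster-A, cosmetically different data.
    applicant = {"emails": ["John.Doe+hiring@Gmail.com"],
                 "linkedin": ["https://www.linkedin.com/in/JohnDoe-Dev/?trk=public"],
                 "phones": ["+1-555-010-2233"]}
    found = match_candidate(applicant)
    for actor, fields in found.items():
        print(actor, fields, "reported by", reporting_members(found, actor))
```

Matching on name or location alone is deliberately left out: those fields are too noisy to act on by themselves and are better used to rank a hit that an email, profile slug or phone number already produced. Members that cannot share raw contact data can exchange the normalized values in hashed form instead, since the comparison here is set intersection on the normalized strings.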
