5 facts about the North Korea crypto attack that security analysts are hunting for
Jakarta, Pintu News – A hacker group linked to North Korea is back in the cryptocurrency community for a series of sophisticated attacks that managed to gain global attention, including the theft of more than $300 million through fake Zoom meetings and malware tactics monitored by security researchers.
This information was sourced from the BeInCrypto report as well as analysis and documentation by cybersecurity firms and widely discussed international media.
1. Crypto-Draining Fake Zoom Mode
Reports from BeInCrypto suggest that North Korean hackers managed to steal over $300 million in crypto assets through fake Zoom and Microsoft Teams video calls created to fool victims. The attackers took over trusted Telegram accounts and utilized video footage to make the calls appear to come from known industry figures. This strategy attracted attention due to its highly structured social techniques used against crypto executives and market participants.
Once the victim joins the call, the attacker creates a technical issue and encourages the victim to download a script or update containing malware that then takes control of the device and drains the target’s crypto wallet. This technique continues to be bought up by many security agencies due to its ability to grant full access through a simple yet effective method.
Also Read: Charles Hoskinson Shares Cardano 2026 Big Plan: It’s the Future of ADA!
2. Deepfake Tactics and Malware Behind the Attack
Security researchers also discovered another monitored tactic where hackers used deepfake technology to impersonate company leaders in video calls, then encouraged victims to install malware on their systems. Security firm Huntress noted that this manipulation successfully deceived workers in the blockchain sector with legitimate-looking but malicious tools.
The installed malware not only takes over the device but also collects sensitive data including Telegram sessions and credentials, which are then used to attack subsequent targets, making this phenomenon widely discussed as a multiple threat.
3. The Scale of North Korea’s Crypto Theft Is Wider
According to an independent analysis involving Chainalysis data and international security coalition parties, North Korea is suspected to have stolen at least $2.8 billion in cryptocurrencies between January 2024 and September 2025, a figure that represents cybercrime activity in the global spotlight. This estimate includes major heists including the theft of funds from exchanges and DeFi protocols.
This figure shows that in addition to fake Zoom tactics, broader campaigns including large heists such as attacks on popular platforms accounted for a large portion of the amount, thus impacting not only individuals but the digital financial system as a whole.
4. Focus on Crypto Targets and Mac Devices
Several security reports indicate a change in the modus operandi of North Korean hackers who are now also being monitored utilizing attacks on Mac systems through specialized malware such as “NimDoor” designed to target browser wallets and passwords. This technique suggests that targets are not only platforms but also individual user devices within the crypto ecosystem.
This method illustrates that threats to cryptocurrencies come not only from direct theft from exchanges but also from technical manipulation on end-user devices. Security researchers believe that this trend is favored by bad actors because it provides a level of access within the blockchain ecosystem.
5. Broader Implications for the Crypto Industry
Attacks monitored by various security agencies show that organized threats like this not only impact individual victims, but are also being discussed in the context of systemic risks to the cryptocurrency industry. State-backed hackers could use stolen proceeds to fund other, larger operations, including military programs, according to independent reports.
This phenomenon has security professionals and regulators watching closely, as the integrity of decentralized platforms, wallets, and networks becomes increasingly vulnerable to evolving social engineering tactics and malware.
Also Read: Bitcoin Outlook 2026: Will it Reach $150,000?
Follow us on Google News to get the latest information about crypto and blockchain technology. Check Bitcoin price today, Solana price today, Pepe coin and other crypto asset prices through Pintu Market.
Enjoy an easy and secure crypto trading experience by downloading Pintu crypto app via Google Play Store or App Store now. Also, get a web trading experience with various advanced trading tools such as pro charting, various types of order types, and portfolio tracker only at Pintu Pro.
*Disclaimer
This content aims to enrich readers’ information. Pintu collects this information from various relevant sources and is not influenced by outside parties. Note that an asset’s past performance does not determine its projected future performance. Crypto trading activities are subject to high risk and volatility, always do your own research and use cold hard cash before investing. All activities of buying andselling Bitcoin and other crypto asset investments are the responsibility of the reader.
FAQ
What are the crypto attacks via Zoom that the market is monitoring?
This attack is where the perpetrators use fake Zoom invitations to trick victims into installing malware which then steals wallet keys and cryptocurrency assets.
Why is North Korea in the conversation in the context of crypto attacks?
A hacker group linked to North Korea has been identified as carrying out large-scale thefts with sophisticated social techniques against targets in the cryptocurrency industry and the global web3.
How much of an impact will this have on the crypto industry?
According to security analysis, North Korea has allegedly stolen billions of dollars in digital assets, reflecting the growing systemic risk in the cryptocurrency space.
What should crypto industry players be aware of?
Parties involved in cryptocurrencies are advised to be aware of requests to download software during calls and improve the security of digital communications to prevent social manipulation.
What is the difference between regular malware and deepfake techniques in this attack?
Regular malware can steal technical data, while deepfake techniques are used to psychologically trick victims by faking the identity of a trusted figure during the call.
Reference
- BeInCrypto. Triều hacker Tiên đánh cắp 300 triệu USD qua các cuộc học Zoom giả mạo. Accessed December 15, 2025.
