North Korean Hackers Target Web3 Protocols, Compromising Security and Assets
North Korean hacking groups have intensified their attacks on the crypto sector, particularly in 2025. Key points include:
- Attacks attributed to North Korean-affiliated hackers that targeted $1.5 billion in assets at Bybit through credential harvesting.
- Malware attacks targeting MetaMask and Trust Wallet users.
- Attempts to infiltrate exchanges through fake job applications, and the establishment of U.S.-based shell companies used to target developers.
- Human operational vulnerabilities pose a greater risk than smart contract exploits.
Despite significant investment in smart contract security, many DeFi projects neglect basic operational security (OPSEC). Issues identified include:
- Lack of dedicated security leads within teams managing large treasuries.
- Onboarding processes often conducted via unsecured channels like Discord or Telegram.
- Code changes pushed from unvetted devices without proper security measures.
- Absence of structured incident response plans.
Such failures are not limited to state-sponsored attacks; insider threats and bribery have also led to significant breaches, as seen in the Coinbase incident, which cost between $180 million and $400 million. Operational negligence remains widespread across the industry.
To improve security, Web3 should adopt practices from traditional finance, including:
- Structured onboarding and offboarding processes.
- Layered defenses against cyberattacks.
- Regular red-team simulations to uncover vulnerabilities before attackers do.
- Implementation of multi-signature wallets and stringent contributor vetting.
Decentralization should not excuse poor security practices. The industry must prioritize disciplined cybersecurity to protect against increasing threats.