Report: North Korean Hackers Set Up Fake US Companies to Infiltrate Crypto Projects

A recent cybersecurity report has revealed that North Korean hackers, linked to the infamous Lazarus Group, have been creating fake US-based companies to target cryptocurrency developers and infiltrate crypto projects. This sophisticated operation exposes critical gaps in US business registration systems and highlights ongoing threats to the digital asset industry.

According to Reuters, cybersecurity firm Silent Push identified at least two fraudulent entities—Blocknovas LLC in New Mexico and Softglide LLC in New York—both established using forged identities and documentation. These shell companies were designed to appear as legitimate crypto employers offering enticing job opportunities to developers in the industry. A third unregistered entity, Angeloper Agency, was also linked to the campaign.

Fake Interviews and Malware Attacks

The Lazarus Group, operating under North Korea’s military intelligence agency, the Reconnaissance General Bureau, is known for its cyber heists and espionage operations. In this campaign, a Lazarus-affiliated subgroup posed as crypto firms to deliver malware through fake job interviews, primarily via platforms like LinkedIn.

Victims were tricked into downloading malware disguised as interview software or technical assessments. Blocknovas LLC was reportedly the most active front, using a false address in South Carolina—later revealed to be an empty lot. Softglide, meanwhile, was registered through a Buffalo-based tax service, complicating attribution efforts.

The malware used in these operations included known North Korean strains capable of stealing data, remotely accessing systems, and spreading across networks. The FBI has since seized the Blocknovas domain, posting a warning that it had been used to conduct fraudulent job scams.

A Broader Strategy of Cyber Infiltration

This isn’t the first time the Lazarus Group has used fake job offers to compromise crypto targets. Past campaigns, such as “ClickFix,” targeted professionals in centralized finance (CeFi), with the attackers posing as recruiters from major companies like Coinbase and Tether. In one of the group’s most notorious operations, a fake job offer led to the $625 million Ronin Bridge hack that affected Axie Infinity in 2021.

These efforts underscore a broader North Korean strategy to breach crypto ecosystems through deceptive business fronts, highlighting the urgent need for tighter vetting processes and enhanced cyber defenses.
