Slow Pisces, a North Korean state-sponsored threat group, has stolen over $1 billion from the cryptocurrency sector in 2023 by targeting developers through disguised job offers on LinkedIn. They use malware hidden within coding challenges and have been linked to significant thefts from cryptocurrency companies, prompting action from GitHub and LinkedIn to remove malicious accounts. The malware employs advanced techniques like YAML deserialization to evade detection and execute additional payloads.

Nearly 28% of the $1.4 billion stolen from Bybit has become untraceable, according to CEO Ben Zhou. The funds have been funneled through mixers and decentralized platforms, complicating recovery efforts. Zhou urged bounty hunters to assist in freezing stolen assets, with some success reported.

North Korea has expressed interest in accepting cryptocurrency as a form of payment for its applicants, including those looking to work in India. This move is part of a broader strategy to enhance its economic engagement through digital currencies, despite the country's ongoing international sanctions.

North Korean threat actor UNC5342 has begun using a technique called EtherHiding to deliver malware and steal cryptocurrency, marking a significant evolution in nation-state cyber threats. This method involves embedding malicious JavaScript within smart contracts on public blockchains, allowing attackers to retrieve payloads stealthily and without leaving a trace. The ongoing social engineering campaign targets developers with fake job offers to facilitate these attacks.

North Korea is reportedly targeting cryptocurrency job seekers to distribute malware designed to steal passwords. These cyber operations aim to exploit the growing interest in crypto jobs, leveraging social engineering tactics to infect potential candidates' devices. The initiative reflects North Korea's ongoing efforts to fund its regime through cybercrime activities.

The U.S. government has seized approximately $774 million in cryptocurrency linked to North Korean cybercriminal activities. This operation is part of ongoing efforts to disrupt the funding of illicit activities supported by the North Korean regime, particularly through hacking and ransomware schemes.