North Korean hackers affiliated with the notorious Lazarus Group legally established shell companies in the United States to carry out sophisticated cyberattacks targeting the crypto industry. According to a Reuters report, the hackers set up their companies in the states of New Mexico and New York using fake personas and addresses.
Hackers Continue to Evolve Tactics
These front firms, Blocknovas LLC and Softglide LLC, were used as part of an elaborate scheme to defraud victims. The attackers posed as legitimate recruiters offering jobs to crypto developers. In reality, these offers served as a vehicle to distribute malware and infiltrate victims’ systems.
Notably, this tactic was uncovered by the cybersecurity company Silent Push. The firm described it as a rare instance of North Korean hackers going as far as registering legal business entities on American soil to gain legitimacy and mask their true intentions.
“These attacks utilize fake personas offering job interviews, which lead to sophisticated malware deployments in order to compromise the cryptocurrency wallets of developers, and they also target the developers’ passwords and credentials which could be used to further attacks on legitimate businesses,” said Kasey Best, director of threat intelligence at Silent Push.
The Lazarus Group has long been associated with a string of high-profile crypto thefts. Earlier this year, they drained a whopping $1.4 billion from the crypto exchange Bybit. The stolen funds are reportedly channeled into financing North Korea’s sanctioned weapons programs.
By using American shell companies, the hackers likely sought to gain deeper trust from their targets and avoid the immediate red flags that come with foreign entities. This level of operational sophistication suggests that the group has no plans to stop its attacks.
Enforcement Action
Several victims reportedly fell for the ruse, though the extent of the damage has not been disclosed. The FBI took over the Blocknovas website on Thursday as part of an investigation into the North Korean hackers.
The officials also highlighted that they would continue to focus on imposing risks and consequences on both the bad actors and anyone who is facilitating their ability to conduct these schemes.