North Korean Hackers Attempt to Apply to Binance Daily, Forge Large Number of Resumes

BlockBeats News, August 13th, Binance Chief Security Officer Jimmy Su stated that the exchange receives a large number of forged resumes every day, and he is confident that these resumes are all written by potential North Korean attackers. In his view, state-level attackers from North Korea are the biggest threat faced by companies in the crypto industry today. Su explained that North Korean attackers have been a problem throughout Binance's eight-year operating history, but recently, their attack methods have been upgraded in the crypto field.

「Currently, the biggest threat to the crypto industry is state-level attackers, especially North Korea's Lazarus Group,」 Su added, 「In the past two to three years, they have focused on the crypto field and have been quite successful in their actions.」 He also mentioned, 「Almost all major North Korean hacker incidents involve someone posing as an employee to assist in the attack.」

North Korean state-level attackers have two common attack methods: implanting malicious code in public NPM libraries and issuing fake job invitations to crypto professionals. NPM (Node Package Manager) libraries or packages are a commonly used collection of reusable code by developers. Malicious attackers can replicate these packages and insert a small line of malicious code, which could have serious consequences while preserving the original functionality. Even if this malicious code is discovered only once, it will gradually penetrate the system as developers build new features on top of it.

To mitigate such risks, Binance must carefully review every line of code. Major crypto exchange platforms share security intelligence in Telegram and Signal groups to identify libraries with malicious code implants and emerging attack methods from North Korea.