Fireblocks just exposed a sophisticated North Korea-linked operation that's turning LinkedIn job interviews into cyber weapons. The digital asset infrastructure company disrupted a recruitment scam that weaponized fake hiring processes to plant malware on crypto developers' machines, potentially exposing wallets, private keys, and production systems. CEO Michael Shaulov says hackers tied to North Korea are evolving at "lightspeed" thanks to AI, making social engineering attacks nearly impossible to detect.
Fireblocks just pulled back the curtain on one of the most sophisticated social engineering operations targeting the crypto industry - and it's hiding in plain sight on LinkedIn. The digital asset infrastructure company disrupted a North Korea-linked recruitment scam that weaponized the entire hiring process to compromise developers and gain access to crypto infrastructure.
Here's how it worked: hackers created fake recruiter profiles that closely resembled legitimate Fireblocks hiring processes. They conducted video interviews via Google Meet, shared take-home coding assignments through GitHub, and maintained authentic conversations throughout. When candidates ran what appeared to be routine installation commands for the coding test, they were actually installing malware that could expose wallets, private keys, and production systems.
"What they're basically doing is that they are weaponizing a legit interview to create a very legit and authentic interaction with candidates," Fireblocks CEO Michael Shaulov told CNBC. The attackers weren't casting a wide net - they were hunting specific targets based on LinkedIn profiles, looking for engineers with "privileged access" to critical crypto infrastructure.
