In a recent alarming incident, a journalist became the victim of a sophisticated phishing attack, believed to be orchestrated by North Korean hackers.
Ben Weiss, a journalist from Fortune, who had been covering the Democratic People’s Republic of Korea (DPRK), wrote that he was ensnared by a cunning trap laid by the hackers in mid-March. The phishing attack was launched via an innocent-looking message from a hedge fund investor on Telegram, a messaging app widely used in the crypto sphere.
The journalist was lured into a Zoom call with a supposed Bitcoin strategist, Adam Swick. He knew that Swick was considering a new digital asset treasury with a potential large seed investor. Despite doubts about the venture, the journalist agreed to a call via a Zoom link shared on Telegram.
The Zoom link redirected to a program that closely mimicked the actual Zoom interface, with minor differences and audio glitches. To rectify these issues, the journalist was asked to download an update, which turned out to be a harmful file.
Once the file was downloaded, the journalist’s computer was exposed to malicious code that could log keystrokes, monitor the screen, and gain access to passwords and apps.
“This is giving me scam vibes,” he wrote to Swick and the hedge fund investor.
Recognizing the potential danger, Weiss immediately powered down the laptop and contacted Fortune’s IT department.
Taylor Monahan, a security researcher and member of SEAL 911, confirmed that the phishing attack was likely the handiwork of DPRK. Weiss avoided running the malicious script that could have let hackers steal his passwords, Telegram account, and cryptocurrency, though he said that his crypto holdings were minimal.
The security researcher flagged that hackers were targeting not only wealthy investors but also crypto journalists, because of their extensive contact lists of potential high-value targets.
North Korean Attacks Hit DeFi, Crypto
This incident comes in the wake of a series of cyberattacks linked to North Korean hackers. Earlier this week, a report suggested that North Korean hackers were suspected of orchestrating supply-chain attacks on U.S. firms to steal cryptocurrency for the regime’s nuclear funding. The hackers reportedly targeted Axios, a software program used by cryptocurrency firms and blockchain developers.
Furthermore, blockchain analytics firm Elliptic reported that North Korea’s state-sponsored hackers might be behind the $285 million exploit of Drift Protocol, the largest DeFi hack of 2026. These incidents highlight the increasing threat posed by North Korean hackers, particularly to those involved in the cryptocurrency industry.
Ledger CTO Charles Guillemet compared the incident to the $1.4 billion 2025 Bybit hack, noting a similar pattern of compromised multi-sig signers, social engineering, and disguised malicious transactions.
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by a Benzinga editor.