North Korean hacking groups are luring crypto developers with fake job offers and coding tests laced with malware, according to cybersecurity experts.
Malware Hidden in “Coding Assignments”
Hackers from the group Slow Pisces (aka Jade Sleet / TraderTraitor) approach developers on LinkedIn, offering dream gigs in DeFi or blockchain security. Once trust is built, they send malware-infected coding challenges hosted on GitHub. When opened, these files steal SSH keys, cloud access credentials, and crypto wallet data.
Using Freelance Platforms to Spread
According to Hacken and Cyvers, platforms like Upwork and Fiverr are also being used by attackers posing as hiring managers.
“They create credible profiles and fake resumes just to infiltrate Web3 firms via targeted developers,” says Hayato Shigekawa of Chainalysis.
Security Tips for Devs
- Always use virtual machines or sandboxes to test external code
- Verify job offers via official channels
- Never store secrets in plain text
- Be wary of unverified packages and unsolicited opportunities
- Implement endpoint protection and operational hygiene
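As an added illustration of the "never store secrets in plain text" tip (this example is not from the article or the researchers it quotes), the script below audits a directory for the kinds of secrets the article says these files steal: private keys saved without a passphrase and cloud credentials in clear text. The `~/.ssh` default location and the AWS-style `aws_secret_access_key` setting name are assumptions, and the sample key blob is constructed and holds no real key material.

```python
import base64, re, struct
from pathlib import Path

MAGIC = b"openssh-key-v1\0"
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)
# Assumption: AWS-style credentials file; extend the pattern for other providers.
PLAINTEXT_CRED_RE = re.compile(rb"(?im)^\s*aws_secret_access_key\s*=\s*\S+")

def key_is_encrypted(data: bytes):
    """True/False for a private key blob; None if no parsable key is present."""
    m = PEM_RE.search(data)
    if not m:
        return None
    label, body = m.group(1), m.group(2)
    if label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return True                      # PKCS#8 or legacy PEM encryption
    if label != b"OPENSSH PRIVATE KEY":
        return False                     # bare PEM key, no passphrase
    try:
        raw = base64.b64decode(b"".join(body.split()))
    except ValueError:
        return None
    if not raw.startswith(MAGIC) or len(raw) < len(MAGIC) + 4:
        return None
    (n,) = struct.unpack(">I", raw[len(MAGIC):len(MAGIC) + 4])
    cipher = raw[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    return cipher != b"none"             # cipher name "none" = stored unencrypted

def audit(root):
    """Return sorted (relative_path, finding) pairs for plaintext secrets under root."""
    findings = []
    for p in Path(root).rglob("*"):
        if not p.is_file() or p.stat().st_size > 64 * 1024:
            continue
        data = p.read_bytes()
        if key_is_encrypted(data) is False:
            findings.append((p.relative_to(root).as_posix(), "unencrypted private key"))
        if PLAINTEXT_CRED_RE.search(data):
            findings.append((p.relative_to(root).as_posix(), "plaintext cloud credential"))
    return sorted(findings)

def sample_openssh_key(cipher: bytes) -> bytes:
    """Constructed header-only blob (no real key material) for demonstration."""
    raw = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\0" * 8
    return (b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(raw)
            + b"\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path, finding in audit(Path.home() / ".ssh"):
        print(f"{finding}: {path}")
```

Anything it reports is readable by any code that runs under your user account, so add a passphrase to the key or move the credential into an OS keychain or secrets manager before opening third-party code.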
“If it looks too good to be true, it probably is,” warns Luis Lubeck of Hacken.