Bahrain-based cryptocurrency exchange Rain.com was hacked in April this year, losing $16 million in cryptocurrency. Now, investigators have identified the perpetrators as the infamous North Korean hacking crew Lazarus Group, which used LinkedIn social engineering to pull off the heist.

According to a seizure warrant filed by the Justice Department, an investigation by Google’s Mandiant cybersecurity company found that Lazarus gained access to Rain, which bills itself as “the simplest way to trade crypto in the Middle East,” by contacting an employee on LinkedIn with a job offer. When that person expressed interest, the North Korean hackers sent them a link to download a coding challenge. Hidden inside was TraderTraitor, malware that helped them steal the private keys and passwords they needed to access Rain’s crypto wallets.

FBI agents working with Rain were able to trace some of the stolen funds as the hackers laundered them; they found $760,000 in the virtual currency SOL at WhiteBIT, an exchange based in Vilnius, Lithuania. Those funds have been frozen as the FBI prepares to seize them.

Rain isn’t the only crypto company to have been targeted by Lazarus via LinkedIn. Per the seizure warrant, the group uses multiple personas across the Microsoft-owned social site, masquerading as recruiters from well-known companies. Typically, they build a rapport with a target before moving the conversation to a platform like WhatsApp, Telegram, or Slack, where they try to distribute the malware that will allow them to steal the victim’s passwords.

According to the DOJ, between 2017 and 2024, the Lazarus Group has “conducted multiple virtual currency heists from virtual asset service providers and other victims, netting hundreds of millions of dollars of virtual currency.” Previous reports have claimed that North Korea has funded its nuclear program with crypto stolen from a variety of companies.

Rain had not yet responded to requests for comment.

LinkedIn said it uses “manual and automated defenses to find and remove state-sponsored activity.” It also pointed Forbes to tools and tips for job hunting safely on LinkedIn.
