North Korean hackers may begin targeting larger objectives, including U.S.-based Bitcoin exchange-traded funds (ETFs).

The Lazarus Group, the infamous North Korean hackers associated with some of the most notorious hacks in the cryptocurrency space — including the biggest hack in decentralized finance (DeFi), the $625 million Ronin bridge hack — could be targeting US Bitcoin ETFs.

Hackers could start shifting their attention to the US Bitcoin ETFs due to the sizable potential bounty, according to Michael Pearl, the vice president of GTM strategy at Cyvers.

The onchain security expert told Cointelegraph in an exclusive:

“Only recently the FBI has issued a warning that North Korean hackers are going to try to infiltrate and steal money from ETFs. So all those ETFs are storing the base Bitcoin somewhere. And you can be certain that somebody is already planning and thinking of how they're going to steal it.”

Cyvers’ Michael Pearl, interview with Cointelegraph’s Zoltan Vardai, clip 1

The Bitcoin ETFs could represent a potential lucrative bounty for North Korean hackers, considering that the US ETFs hold a cumulative $52.1 billion worth of Bitcoin (BTC) in onchain holdings, according to Dune data .

Bitcoin ETFs are the next major target for North Korean hackers: Cyvers image 0

US Bitcoin ETFs. Onchain holdings. Source: Dune

Related: Over 86% of Web3 professionals are confident in the future of crypto — Consensys

Bitcoin ETF vulnerabilities could invite more stringent crypto regulation

North Korean hackers targeting the infrastructure surrounding Bitcoin ETFs present alarming risks and potential challenges for the industry.

It’s not only the ETF providers that may be targeted but also all related companies, warned Cyvers’ Pearl:

“It's not only the ETF providers, it's also the periphery, all the adjacent companies that are working with them… [ETF vulnerabilities] are something we need to address very fast because if not, we’re going to see mega hacks.”

Cyvers’ Michael Pearl, interview with Cointelegraph’s Zoltan Vardai, clip 2

According to Pearl, a potential Bitcoin ETF “mega hack” could invite more stringent regulatory attention in the US, which could inspire stricter regulations in other jurisdictions.

Related: Top 100 DeFi Hacks: Offchain attack vectors account for 57% of losses

Institutions became more aware of cybersecurity following the WazirX hack

The crypto industry is still recovering from the $230 million WazirX hack, which occurred in July, as the second-largest crypto hack of 2024 so far.

Yet, the $230 million hack also had a silver lining: It raised institutional awareness of the importance of cybersecurity.

Pearl explained:

“The WazirX case brought many institutional bodies like hedge funds and ETF issuers, that are interested in [security]. It actually raised awareness. Too bad it had to cost $230 million.”

Cyvers’ algorithms discovered the malicious smart contract that caused the $230 million hack eight days before the incident, which may have saved the Indian exchange from the hack, claimed Pearl.

$3 billion stolen in hacks — Why are crypto crimes surging? Source: YouTube


Magazine: 2 auditors miss $27M Penpie flaw, Pythia’s ‘claim rewards’ bug: Crypto-Sec