North Korean Hackers Steal $16 Million from Crypto Exchange Rain
The cryptocurrency exchange Rain.com, based in Bahrain, fell victim to a cyberattack in April, resulting in the theft of $16 million. An investigation revealed that the North Korean Lazarus Group orchestrated the attack, leveraging social engineering tactics via LinkedIn.
According to reports, the attackers gained access to Rain’s internal systems by posing as recruiters. They contacted an employee through LinkedIn with a job offer and provided a link to a purported test assignment. The file contained the TraderTraitor malware, which enabled the hackers to access private keys and passwords used to manage cryptocurrency wallets.
Collaborating with Rain, the FBI traced a portion of the stolen funds, identifying $760,000 in SOL cryptocurrency on the WhiteBIT exchange, based in Vilnius, Lithuania. These funds have been frozen pending confiscation.
The Lazarus Group has a history of employing similar methods on LinkedIn. According to warrant documents, the hackers create fake profiles impersonating recruiters from reputable companies. After initiating contact, conversations are shifted to platforms such as WhatsApp, Telegram, or Slack, where malware designed to steal credentials is distributed.
The U.S. Department of Justice reports that between 2017 and 2024, the Lazarus Group executed numerous virtual currency heists, amassing hundreds of millions of dollars. It has previously been reported that the stolen funds are used to support North Korea’s nuclear weapons program.
Rain has yet to release an official statement. LinkedIn representatives stated that the platform employs both automated and manual methods to detect and remove activities tied to state-sponsored interference. They also provided recommendations for safe job searching on their platform.
Earlier, the Irish regulator fined LinkedIn €310 million for violating user privacy. The platform was found to have conducted behavioral data analysis for targeted advertising without ensuring adequate transparency or obtaining proper consent.