FBI Warns North Korean Cyber Crooks May Be Targeting Bitcoin ETF Companies

North Korean cybercriminals are stepping up their game and becoming more sophisticated in a bid to steal cryptocurrency—including conducting research on those connected to digital asset exchange-traded funds (ETFs), the FBI has warned.

In a Tuesday announcement , the agency said that criminal actors from the closed-off state were now conducting "difficult-to-detect social engineering campaigns" against those working in the crypto sector, including those in the decentralized finance (DeFi) and ETF space.

The advanced scams target workers in the digital asset space by impersonating others or making phony job offers in attempts to steal valuable personal information, the FBI said. Such attempts are typically called phishing scams.

"North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency ETFs over the last several months," the announcement read.

"This research included pre-operational preparations suggesting North Korean actors may attempt malicious cyber activities against companies associated with cryptocurrency ETFs or other cryptocurrency-related financial products."

The FBI added that "even those well-versed in cybersecurity practices" could be tricked by the increasingly sophisticated scams.

The U.S. Securities and Exchange Commission (SEC) this year approved spot Bitcoin and Ethereum ETFs, giving traditional investors the ability to invest in the two biggest cryptocurrencies via shares that trade on stock exchanges.

Before that, crypto futures ETFs were available in the American market. The FBI alert does not specifically name any cryptocurrencies, but Bitcoin ETFs are the most prominent in America and have been trading since January. The only other spot cryptocurrency ETFs available in the United States are Ethereum funds, which have only been trading for just over a month as of this writing.

The FBI did not immediately respond to Decrypt 's questions.

North Korean actors frequently target crypto companies and protocols. State-sponsored cyber hacking group Lazarus Group has allegedly used mixing tools like Tornado Cash and other apps in order to hide the trace of dirty funds—which American authorities say have been stolen.

Blockchain data firm Chainalysis has said that the group steals hundreds of millions of dollars in crypto each year by targeting crypto exchanges and other platforms, including the $622 million worth of crypto swiped from Ethereum gaming network Ronin in March 2022 .