Ripple to share North Korean threat intelligence with crypto firms

Ripple is set to enhance cryptocurrency security by sharing North Korean threat intelligence with Crypto ISAC, following recent significant cyberattacks.

Why Is Ripple Sharing North Korean Threat Intelligence?

In a significant move aimed at bolstering security within the cryptocurrency sector, Ripple announced earlier today its decision to share intelligence on North Korean threat actors with Crypto ISAC. This intervention comes in the wake of alarming cyberattacks, including the recent $285 million Drift hack, which highlighted a troubling shift in attack strategies from traditional smart contract exploits to more sophisticated long-term social engineering tactics.

What Led to This Decision?

The Drift incident revealed alarming patterns of new infiltration methods used by North Korean operatives. Rather than exploiting vulnerabilities, hackers spent considerable time establishing trust within victim organizations, ultimately slipping malware onto users' systems. This tactic allowed them to bypass conventional security measures, resulting in over $500 million stolen within a month from various attacks, including the Kelp exploit, which drained a staggering $292 million in ether.

How Are North Korean Hackers Changing Their Tactics?

The 2022-2024 wave of decentralized finance (DeFi) hacks was predominantly focused on exploiting code vulnerabilities. However, as crypto security evolves and improves, attackers are pivoting their methodologies. They are now leveraging social engineering techniques, applying for jobs, passing background checks, and actively building relationships with teams over platforms like Zoom. By the time they launch their attacks, they have already integrated themselves into the organization without triggering any alarms.

What Is Ripple's Role in This Information Sharing?

Ripple’s internal data is providing Crypto ISAC with valuable insights into these threat actors. This includes crucial information such as LinkedIn profiles, email addresses, geographical locations, and contact numbers. Sharing this intelligence helps security teams identify potential threats by recognizing patterns, such as candidates