The cryptocurrency industry is booming, with Bitcoin trading at $93,943 and Ethereum at $1,769 as of April 24, 2025. With the total market capitalization exceeding $3 trillion, the demand for skilled developers, designers, and marketers has never been higher. But that demand has also attracted sophisticated scammers who use fake job offers to steal your crypto wallet and personal data. On April 24, a report from cybersecurity firm Silent Push revealed that North Korean hackers created legitimate-looking shell companies specifically to target crypto developers. This guide will walk you through everything you need to know to stay safe.
The Basics
Crypto job scams are a type of social engineering attack where criminals pose as recruiters or employers to trick job seekers into installing malware, revealing sensitive information, or transferring cryptocurrency. The attacks have become increasingly sophisticated, with some operations creating entire fake companies complete with professional websites, AI-generated employee photos, and convincing business registration documents. The Silent Push report identified three such shell companies: Blocknovas LLC, Softglide LLC, and Angeloper Agency, all linked to North Korea’s Lazarus Group.
These scams work because they exploit a fundamental vulnerability: the desire for career advancement. When a crypto developer receives a message from a recruiter offering a high-paying position at what appears to be a legitimate company, the instinct is to engage rather than question. The attackers understand this psychology and design their approaches to trigger excitement rather than suspicion.
Why It Matters
The consequences of falling for a crypto job scam can be devastating. The malware used in these campaigns, with names like BeaverTail, InvisibleFerret, and OtterCookie, is specifically designed to steal cryptocurrency wallet private keys, harvest clipboard data including wallet addresses, and establish persistent backdoor access to your computer. One confirmed victim had their entire MetaMask wallet drained. In an industry where transactions are irreversible and pseudonymous, there is often no way to recover stolen funds.
Beyond the financial loss, victims may also have personal data compromised, including identification documents shared during the fake hiring process. This information can be used for identity theft, further cryptocurrency fraud, or sold to other criminal organizations. The scale of the threat is enormous: the Lazarus Group behind these scams is the same organization responsible for the $1.4 billion Bybit hack in 2025.
Getting Started Guide
Protecting yourself starts with adopting a verification-first mindset. Here is a step-by-step approach to evaluating any crypto job opportunity:
Step 1: Verify the company independently. Search for the company on official business registries such as the Secretary of State database in the relevant U.S. state. Check if the company has a verifiable physical address, a history of operations, and real employees with established LinkedIn profiles that show genuine career histories and connections.
Step 2: Scrutinize the recruitment process. Legitimate companies typically follow standard hiring procedures including multiple interview rounds with different team members, technical assessments relevant to the role, and formal offer letters on company letterhead. Be suspicious if you are hired after a single informal chat or if the process moves unusually quickly.
Step 3: Never install software from interviewers. A major red flag is being asked to download, install, or run any software during the application or interview process. This includes development tools, communication platforms, screen-sharing applications, or diagnostic utilities. Legitimate companies use widely-known platforms like Zoom, Google Meet, or Microsoft Teams that you should already have installed.
Step 4: Never copy-paste commands from strangers. The Blocknovas scam asked victims to copy and paste a command that supposedly fixed a technical error. This is the most dangerous request you can receive. Copying and pasting terminal commands from someone you do not personally trust can result in the immediate installation of malware.
Step 5: Separate your work and crypto environments. Use a dedicated device or virtual machine for any job search activity. Never conduct job interviews or install work-related software on the same machine where you manage cryptocurrency wallets or access exchange accounts.
Common Pitfalls
The most common mistake is assuming that because a company appears legitimate, it is legitimate. The Lazarus Group invested significant resources in creating convincing front companies with proper business registrations. Another pitfall is urgency. Scammers create artificial time pressure, claiming that positions must be filled immediately or that offers expire within hours. This pressure is designed to prevent you from taking the time to verify the opportunity properly.
Many victims also fall for the technical credibility trap. When an interviewer asks sophisticated technical questions about blockchain development, smart contract auditing, or DeFi protocols, it creates an illusion of legitimacy. The attackers are technically proficient, and their ability to engage in detailed technical discussions does not prove they are who they claim to be.
Next Steps
If you believe you have been targeted by a crypto job scam, take immediate action. Disconnect the affected machine from the internet. Do not connect any hardware wallets to the compromised device. Run a full malware scan using reputable endpoint detection software. Change all passwords for accounts that were accessible from the compromised machine, prioritizing cryptocurrency exchanges, email accounts, and cloud storage. Report the incident to the FBI’s Internet Crime Complaint Center at ic3.gov. Share your experience with the crypto community to help others recognize similar attacks.
Stay informed by following cybersecurity researchers on social media platforms. The Blocknovas exposure was first shared publicly by security researcher Zach Edwards on April 24, enabling rapid community awareness. The faster information about these scams spreads, the fewer victims they claim.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making any financial decisions.
Wait until pension funds start allocating to the spot ETF
BlackRock entering crypto legitimizes the entire asset class
ETF flows are the strongest buy signal we’ve ever had
silent push found three shell companies in april alone. how many more are operating right now that havent been caught yet
the north korean shell companies with AI generated employee photos is next level. blocknovas, softglide, all had linkedin pages that looked totally legit
the LinkedIn pages had fake employee profiles with AI headshots that passed reverse image search. the bar for looks legit keeps getting lower
Blocknovas had a website that passed my initial check. it was only the WHOIS registration date that gave it away. registered 3 weeks before the hiring campaign started
WHOIS date check is a great tip. most people dont know you can look up when a domain was registered. a 3 week old domain running a hiring campaign is an instant red flag
if a recruiter sends you a PDF or .exe before you have even had a video call, that is a red flag the size of a billboard
pdf before a video call should be an instant block. no legit company sends files before you even talk to a real person
AI headshots passing reverse image search is terrifying. we are approaching a point where visual verification means nothing
Kwame D. AI headshots passing reverse image search means visual verification is dead. next step is deepfake video calls during interviews
PDF before video call should be added to every crypto security checklist. no legitimate company sends executable files at the application stage
three shell companies with full LinkedIn presence and AI generated employee photos. the effort put into these fronts could run an actual startup