North Korean Hackers Target Crypto Bosses Through Fake LinkedIn Job Posts

Fireblocks CEO Michael Shaulov dropped a bombshell at a New York cybersecurity conference on February 19, 2026. North Korean hackers are using fake LinkedIn recruiter profiles to go after cryptocurrency executives, he said. The scammers create bogus job postings and reach out directly to high-level targets in the crypto space.

These aren’t your typical phishing attempts. The hackers build elaborate fake profiles with made-up credentials, work history, and professional connections that look completely legitimate at first glance. They’re specifically hunting for sensitive company information from crypto firm executives, and it’s all part of a bigger North Korean hacking operation that security experts have been tracking for months now. Shaulov warned that the sophistication level is “pretty scary” and that crypto companies are sitting ducks if they’re not careful.

LinkedIn knows about it. The platform is scrambling to remove fake profiles.

But nobody really knows how big the problem is yet. LinkedIn won’t say much about it, which is frustrating for security folks trying to get a handle on the scope. The FBI is digging into things, trying to figure out exactly what data got compromised and how many executives fell for the scam. They’re working with international cybersecurity teams, but it’s messy coordinating across borders when you’re dealing with North Korean state actors.

Fireblocks beefed up its security after discovering the threat. Shaulov keeps telling other crypto companies they need to stay alert because these hackers are constantly evolving their tactics. “The crypto sector is particularly vulnerable,” he said during his conference presentation. And he’s right – digital currency firms have been prime targets for North Korean hackers for years now, mostly because there’s real money to be made.

The timing couldn’t be worse. Crypto markets are already jittery.

Elliptic, the blockchain analytics firm, found cryptocurrency transactions tied to these scams. Tom Robinson, Elliptic’s co-founder, said the money movement patterns match previous North Korean hacking activities – funds bouncing through multiple wallets to hide where they came from originally. Chainalysis jumped in too, releasing a report on February 18, 2026, that breaks down the hackers’ tactics and pushes for better international cooperation to track these cyber threats. See also: BitGo Stock Plunges as Banks Eye.

The Justice Department is considering legal action. A DOJ spokesperson said on February 17, 2026, that they’re reviewing potential charges, though prosecuting North Korean state actors is notoriously difficult. Legal experts think any prosecution could set important precedents for handling international cybercrime in crypto.

Binance issued warnings to users on February 16, 2026, telling them to be suspicious of random LinkedIn recruitment offers. Their security team is watching for suspicious activity related to the scams. CoinDesk reported on February 15, 2026, that crypto firms are flooding security consultants with requests for advice on protecting executive data – shows how spooked the industry has gotten.

South Korea’s National Intelligence Service opened its own investigation on February 14, 2026, looking into similar recruitment scams hitting domestic tech companies. They suspect North Korean operatives are behind those attacks too and are coordinating with international cybersecurity teams to trace the fraud networks.

A Blockchain Association survey published February 13, 2026, found that 62% of crypto executives feel unprepared to handle targeted cyber threats. That’s a pretty damning statistic for an industry that handles billions in digital assets daily. The survey basically confirms what security experts have been saying – most crypto companies are flying blind when it comes to sophisticated state-sponsored attacks. This follows earlier reporting on Senator Moreno Pushes April Deadline for.

Gemini announced a partnership with Palo Alto Networks on February 12, 2026, to build advanced threat detection tools. They want real-time alerts for potential breaches, which is smart given how fast these attacks can unfold. But it’s expensive, and smaller crypto firms probably can’t afford the same level of protection.

The education angle is huge too. Shaulov keeps hammering the point that employee training is crucial. “Education is our first line of defense,” he said. Companies need to teach their people how to spot fake recruiters, verify identities, and report suspicious contact attempts. It sounds basic, but apparently a lot of executives are still falling for these scams.

LinkedIn’s response speed is becoming a real issue. Some crypto executives are complaining that the platform takes too long to remove fake profiles once they’re reported. Every day of delay means more potential targets getting contacted by scammers. The cybersecurity community is watching LinkedIn closely to see if they’ll strengthen their verification processes or just keep playing whack-a-mole with fake accounts.

Fireblocks continues monitoring the situation and expects more developments soon.