North Korean Hackers Exploit Fake Coding Tasks to Steal Cryptocurrency
A North Korean threat actor, tracked as UNK_DeadDrop by Proofpoint, has been targeting software developers with fake job and code-review lures to steal cryptocurrency and credentials. The campaign involved sending over 250 phishing emails in April and May 2026, primarily targeting U.S.-based individuals in technology, education, and finance sectors, with a focus on cryptocurrency firms. The emails linked to repositories disguised as coding assignments, which contained malicious scripts. These scripts installed malware that scanned for browser data and cryptocurrency wallets, aiming to drain them. The operation is reminiscent of previous North Korean campaigns but is tracked separately due to its unique characteristics. 
