In a striking incident that highlights the persistent threat of cybercrime, particularly from North Korean hackers, an unsettling experience unfolded recently for a journalist working with Fortune. The warning came from an IT administrator who alerted the reporter to a potential security breach on their device. The alarming message detailed a process that might expose sensitive information, indicating a probable attempt at phishing.
The situation escalated swiftly, prompting the journalist to shut down their laptop and head to Fortune’s office, where IT could assist in erasing any malicious software. Reflecting on their background reporting on North Korea’s cyber activities, the journalist texted their editor with grim humor, suggesting they might have fallen victim to a phishing scam orchestrated by the Democratic People’s Republic of Korea (DPRK).
The DPRK has long been a formidable player in the world of cybercrime, particularly targeting the cryptocurrency sector amid ongoing global sanctions. Reports indicate that in 2025 alone, North Korean hackers amassed around $2 billion in stolen cryptocurrency, marking a staggering increase in their illicit financial activities from the previous year.
The attack on the journalist began innocuously with a message from an anonymous hedge fund investor via Telegram, the preferred messaging platform within the crypto industry. The journalist was invited to connect with an individual supposedly named Adam Swick, a former chief strategy officer at a Bitcoin mining company. The inquiry seemed harmless, but as the conversation progressed, certain red flags emerged.
After agreeing to a virtual meeting, the journalist clicked on what appeared to be a standard Zoom link. However, they immediately noticed discrepancies in the software: the audio was malfunctioning, and the prompt to update the application raised suspicions. Trusting their instincts, the journalist chose to evade the potential trap by rejecting the update request and demanding a switch to a more secure platform for the meeting.
The situation intensified when, on their way to the office, the journalist consulted Taylor Monahan, a security expert, who quickly confirmed that the attackers were linked to the DPRK. Monahan indicated that had the journalist proceeded with downloading the update, their digital assets, passwords, and sensitive information could have been compromised.
Unfortunately, this scheme exemplifies the calculated methods employed by North Korean hackers, who often hijack legitimate Telegram accounts and reach out to contacts under false pretenses. This organized approach has become increasingly sophisticated, allowing them to exploit unsuspecting victims within the crypto community and beyond.
After erasing the infected software and securing their accounts, the journalist later contacted the hedge fund investor, only to discover that they, too, had fallen victim to the same phishing attempt that had targeted the journalist. This chain of events led to further investigations, revealing the depth of the hacking operation.
Attempts to communicate with the impersonated Adam Swick yielded no response, raising questions about the broader implications of identity theft in their network. This episode highlights the vulnerability individuals face in today’s digital landscape and underscores the pressing need for heightened security awareness across social and professional platforms.
As this alarming case unfolds, it serves as a stark reminder of the potential dangers lurking online, encouraging vigilance and proactive measures to safeguard personal and professional information from cybercriminals.


