BitMEX Targeted in LinkedIn Scam by Lazarus Group

BitMEX has been implicated in a LinkedIn employment scam orchestrated by North Korea’s Lazarus Group, security researchers revealed in May 2025.

This incident underscores ongoing cybersecurity risks in the crypto sector, though no immediate financial fallout or asset shifts have been reported.

Lazarus Group Targets BitMEX Via LinkedIn Recruitment

The cybersecurity firm Bitdefender disclosed that the Lazarus Group used LinkedIn for deceptive recruitment to target BitMEX employees. The scheme reflects similar social engineering tactics previously deployed by the group.

Researchers explained that fraudulent job offers aimed to infiltrate sensitive systems, while BitMEX has not officially commented on the scheme’s discovery or its implications for their operations.

Credential Theft Scheme Poses Broad Security Risks

No immediate financial loss has been associated with the attack. The LinkedIn scheme, focusing on credential theft, threatens longer-term security through potential corporate infiltration.

Industry security alerts emphasize the attack’s ripple effect, highlighting the importance of proactive defenses. Experts warn that further infiltration could lead to broader industry consequences, impacting crypto values indirectly.

We only recommend downloading the malicious payload in sandbox environments, in which it can be safely analyzed. We strongly advise against untrained individuals attempting this, as the risk of severe infection is high.

Historical Patterns Indicate Increased Security Need

The Lazarus Group has a history of targeting cryptocurrency sectors with social engineering. Previous scams led to significant breaches, drawing parallels to current events.

Experts emphasize that without immediate financial damage, companies remain at risk. Historical precedents suggest increased protective measures are critical to avert future sabotage attempts.