--- title: "North Korean Malware Hits Ethereum and BSC Wallets: Details" description: "North Korean hackers have targeted Ethereum and BSC wallets using malware named \"OtterCookie/BeaverTrail,\" delivered through a fake cryptocurrency app. This malware can steal sensitive data, including" type: "news" locale: "en" url: "https://longbridge.com/en/news/261760678.md" published_at: "2025-10-19T08:50:22.000Z" --- # North Korean Malware Hits Ethereum and BSC Wallets: Details > North Korean hackers have targeted Ethereum and BSC wallets using malware named "OtterCookie/BeaverTrail," delivered through a fake cryptocurrency app. This malware can steal sensitive data, including keystrokes and browser wallet information. Victims are advised to assume their hot wallets are compromised and take immediate action by moving funds and revoking token approvals. In 2023 alone, North Korean hackers have stolen approximately $2 billion in cryptocurrency, bringing the total to $6 billion. According to a recent report by cybersecurity firm Cisco Talos, hackers linked to North Korea delivered malicious JavaScript via a fake cryptocurrency application and an npm package. The malware, which has been dubbed "OtterCookie/BeaverTrail," is capable of stealing keystrokes, clipboard content, screenshots, and browser wallets of the likes of Metamask. **Modus operandi** A potential victim is typically lured with a bogus job or freelance gig. The attacks install malware with the help of an obfuscated JavaScript payload and collect sensitive data. The stolen files then get uploaded to the attacker's servers. Notably, the hackers use a crypto app as bait, so they are specifically targeting those users who already have crypto wallets on their computers. **Immediate actions** Those who think that they were exposed to the attack should assume that their hot wallets were compromised. Attackers typically steal extension files and passwords together with seed phrases to drain wallets. One should immediately start moving funds and revoke token approvals for old wallets that were potentially hacked. It would also be advisable to wipe and reinstall the operating system, given that such malware In order not to fall victim to hackers in the first place, one should refrain from running code from untrusted sources. They can be run via containers or VMs. **$2 billion worth of stolen crypto** Earlier this month, TechCrunch reported that North Korean hackers had already stolen roughly $2 billion worth of crypto this year. The report, which cites data from blockchain sleuth Elliptic, says that the total amount of crypto stolen by the "Hermit Kingdom" currently stands at $6 billion. ### Related Stocks - [ETHE.US - Grayscale Ethereum Staking ETF](https://longbridge.com/en/quote/ETHE.US.md) ## Related News & Research | Title | Description | URL | |-------|-------------|-----| | iExec RLC to Hold Live Stream on February 17 | iExec RLC will host a live stream on February 17 at 5 PM UTC, featuring ShadowSwap, a Hack4Privacy winner. The discussio | [Link](https://longbridge.com/en/news/276081452.md) | | BitMine Buys Record 45,759 ETH—Can It Stop BMNR Breaking Below $15 Support? | BitMine Immersion Technologies (NYSE:BMNR) purchased 45,759 Ethereum for over $90 million, marking its largest weekly ac | [Link](https://longbridge.com/en/news/276157782.md) | | Tokenized RWAs climb 13.5% despite $1T crypto market drawdown | Demand for tokenized real-world assets (RWAs) rose 13.5% over the past month, despite a $1 trillion drawdown in the broa | [Link](https://longbridge.com/en/news/276071984.md) | | Trust Wallet Launches Flap Bonding Curve Trading | Trust Wallet has introduced Flap bonding curve token trading in its Meme Rush section, offering fast execution and a sim | [Link](https://longbridge.com/en/news/276081479.md) | | North Korea's Kim marks completion of Pyongyang housing project as key party congress nears | North Korean leader Kim Jong Un celebrated the completion of 10,000 new houses in Pyongyang, as the country prepares for | [Link](https://longbridge.com/en/news/276080393.md) | --- > **Disclaimer**: This article is for reference only and does not constitute any investment advice.