Financially motivated attacks are nothing new to state-sponsored North Korean hacking groups. Earlier this year, US intelligence services warned about Lazarus stealing private keys and confiscating the wallet holdings. In April, the US Treasury and the FBI linked stolen cryptocurrency from Axie Infinity to Lazarus. This hack, which stole $617 million worth of Ethereum and USDC tokens, was made possible thanks to a fake PDF file. Opening the file infected the victim’s computer, allowing Lazarus to raise privileges and move through the firm’s network.
It is recommended to provide user training instructing users to avoid clicking on links or opening attachments sent by others on social media, especially from unknown and anonymous users. Users should also be instructed to report the incident to the organization’s IT security department for a follow-up investigation, especially if an attachment has been opened.

https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-crypto-experts-with-fake-coinbase-job-offers/