North Korea’s Crypto Heist: A Sneaky Software Attack Hits U. S. Companies

North Korean hackers infiltrated a widely used software tool, Axios, and slipped malicious code into it for several hours on Tuesday. The attackers gained control of a developer’s account and pushed bad updates to any business that pulled the package during that brief window. Companies across health, finance and tech—especially those in crypto—were caught off guard. Security firms say this is not a one‑off trick. The hackers likely plan to use the stolen credentials to siphon cryptocurrency from affected firms, a move that could fund North Korea’s missile and nuclear programs. Experts warn the damage will take months to fully understand. Only a fraction of victims has been identified so far: about 135 compromised devices in roughly 12 companies. Yet the true scale will grow as more organizations discover the breach.This attack follows a pattern of North Korean supply‑chain intrusions, including a 2021 breach of a popular voice‑video platform used by hospitals and hotels. The country’s hacking teams are a major revenue source, with stolen funds reportedly funding up to half of its missile budget. In 2023, a single cyber‑attack netted $1. 5 billion in crypto—North Korea’s largest recorded hack. Analysts note the state’s willingness to accept high‑profile attacks because it values the financial gain over international reputation. The timing is especially risky now, with many companies deploying AI tools that automatically build software without strict checks. This oversight creates a perfect entry point for attackers to insert harmful code into trusted supply chains.