Menu
Browse

Cyber Threat Actor: Joker

Actor Type Location Known Incidents
 Icon
Hacker
United States of America
1 incident
Profile

The threat actor trackedunder the alias Joker is known to operate from the United States of America. Open‑source references to this actor are limited to a single cryptocurrency‑related incident. No additional aliases, alternate handles, or affiliated group names have been disclosed in public reporting. The actor’s known activity does not extend beyond the exploitation of a decentralized finance protocol. All publicly available details about Joker stem from the 2022‑04‑21 event.

Joker’s observed targeting is confined to the financial technology sector, specifically DeFi token contracts on public blockchains. The actor’s actions resulted in the extraction of value from the contract followed by the intentional destruction of the stolen funds. Initial access was achieved by exploiting a coding vulnerability within the token contract that allowed unauthorized minting of rewards. No custom malware, exploit kits, or proprietary tooling have been reported in connection with this activity. The actor interacted with the contract using ordinary blockchain transaction mechanisms, such as calling contract functions and triggering a self‑destruct routine.

On 21 April 2022, Joker exploited a flaw in a DeFi protocol’s token contract to generate excessive reward tokens, sell them on the market, and drive the token’s price to zero. The illicit proceeds amounted to approximately one million United States dollars in cryptocurrency. After the sale, the actor transferred the acquired funds to a separate smart contract and invoked that contract’s self‑destruct function, permanently locking the assets. The affected protocol halted trading and withdrawals, announced a community‑overseen audit and code repair, and signaled intentions to relaunch the token after remediation. No further operations, attribution to nation‑state sponsors, or links to criminal consortia have been identified in the sources consulted.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources