How North Korea Infiltrates the Crypto Assets Industry

A recent survey revealed the large-scale infiltration of the Crypto Assets industry by North Korean IT workers. Several well-known blockchain projects, including Injective, ZeroLend, Fantom, Sushi, Yearn Finance, and Cosmos Hub, have unknowingly employed IT personnel from North Korea.

These North Korean workers used fake identities to successfully pass interviews and background checks, showcasing impressive work experience. Their skill levels vary, with some performing mediocrely and only able to deceive for a few months of salary, while others display real technical prowess.

Hiring North Korean workers in countries that have implemented sanctions, such as the United States, is illegal and poses security risks. Investigations have found that several companies employing North Korean IT workers subsequently suffered hacker attacks.

Some companies have shared their experiences in the hope that others can learn from them. Common suspicious signs include: working hours that do not match the claimed location, multiple people pretending to be one account, and turning off the camera during video conferences.

Taking Sushi as an example, the company hired two developers in 2021 who claimed to be Anthony Keller and Sava Grujic. These two were later believed to be the same person or the same organization, as they injected malicious code into the MISO platform, stealing $3 million. Blockchain analysis showed that their earnings were transferred to wallet addresses associated with North Korea.

Experts say that North Korea's hacking attacks often involve social engineering, gaining trust first before stealing keys. IT workers are well-suited to assist in such activities, as they can obtain personal information or directly access funding systems.

Overall, North Korean IT workers have widely infiltrated the Crypto Assets industry, bringing legal and security risks to companies. Companies need to be vigilant and strengthen background checks and security measures.