A recent investigation found that over a dozen cryptocurrency companies unknowingly hired North Korean IT workers, creating significant security and legal concerns.
According to a report by CoinDesk, more than 12 blockchain companies, including well-known names like Iqlusion, Fantom, and Injective, were tricked into hiring North Korean operatives who used fake identities to pass background checks and secure jobs.
The United Nations reported in 2024 that these workers contribute around $600 million annually to North Korea, funneling money to support the regime of Kim Jong Un.
The problem is that these workers present credible work histories, making it hard for companies to identify them as North Korean operatives during the hiring process.
Read also: Telegram Paused Crypto Wallet Services in The UK
U.S Concern & Fake Identity
Hiring and paying these workers, even unknowingly, violates U.N. sanctions and is illegal in the United States and many other nations. This situation also brings serious security risks. North Korean hackers often infiltrate companies by posing as regular employees.
Zaki Manian, a well-known blockchain developer, admitted to accidentally hiring two North Korean IT workers in 2021 to help with the Cosmos Hub blockchain project. In 2023, Stefan Rust, founder of the crypto company Truflation, unknowingly hired a North Korean worker named Ryuhei. Rust mentioned that his team was always looking for skilled developers, and Ryuhei’s application seemed no different from others.
Rust later realized that North Korea had a coordinated plan to push its workers into tech jobs, with their earnings going back to support the regime in Pyongyang. Their earnings reportedly help finance the country’s nuclear weapons program.
CoinDesk’s report also sheds light on how North Korean applicants managed to get hired by crypto companies, they have been using fake identities to work in crypto industries since 2018. These workers performed well in interviews, passed reference checks, and showcased their coding skills through platforms like GitHub.
Zaki Manian stated that the applications in the crypto industry that are likely from North Korea could be as high as 50% This investigation marks the first time these companies have publicly admitted to hiring workers from North Korea by mistake.
Since 2022, the U.S. Department of Justice and the Treasury’s Office of Foreign Assets Control (OFAC) have raised concerns about North Korea’s efforts to infiltrate U.S. cryptocurrency firms.
Read also: Morocco’s Ambition to Become Global Leader: Investing $1.1 Billion in AI and Blockchain
Kaspersky Report
In May, cybersecurity firm Kaspersky released a report about North Korean hackers launching attacks on cryptocurrency companies. They used a new type of malware called “Durian” to target South Korean crypto firms. The report mentioned that a hacking group known as Kimsuky, is associated with North Korea.
The Durian malware installs various malicious components, such as a backdoor called “Appleseed” and a custom tool named “LazyLoad,” which enables hackers to steal files and execute commands.
Kaspersky also noted a potential link between Kimsuky and the notorious Lazarus Group, another North Korean hacking organization. The custom tool LazyLoad used by Kimsuky was previously spotted in attacks by Andariel, a subgroup of Lazarus.
Leave a Reply