The crypto industry is facing a new problem as North Korean hackers infiltrate job postings and pose as candidates applying with fake CVs.
This alarming trend was uncovered by a study that revealed that these fake applicants are trying to infiltrate cryptocurrency projects with malicious purposes such as collecting sensitive data, hacking, and stealing assets.
Shaun Potts, founder of cryptocurrency private recruitment firm Plexus, described this as an “operational danger to the industry”. “This is an ongoing thing, just like hacking is an ongoing thing in technology. You can't stop it, but you can minimize the risks,” Potts continued.
According to the United Nations Security Council, more than 4,000 North Koreans were directed to infiltrate businesses in the Western technology industry, including the crypto industry, by hiding their identities. Over the past seven years, North Korean hackers stole $3 billion worth of crypto assets in 58 suspected cyber heists.
While it remains unclear how many of these thefts were carried out with the help of fake employees, experts fear the trend is just beginning. “They have a very limited amount of resources that they can sell to China,” said Taylor Monahan, chief security researcher at crypto wallet MetaMask. “So they generate revenue by doing things like illegal resource sales, IT work, manual labor, and hacking.”
The UN reports that the fake recruitment scheme alone earns North Korea $600 million a year. Some undercover North Korean crypto workers earn up to $60,000 per month and work multiple full-time and freelance jobs. High earners keep 30% of their earnings and hand over the rest to authorities in Pyongyang.
Considering reports of extreme poverty in North Korea, the sums are huge for individuals. That's why startups need to be diligent. “As long as it is effective, they will continue to populate job posting forums, create resumes, and pursue crypto companies and projects,” Monahan warned.
Erin Plante, vice president of research at Chainalysis, introduced a geopolitical aspect of their work. There is evidence that North Korea is funding its nuclear weapons program in part by hacking crypto sites. Lazarus Group, a North Korean hacking initiative, launched a $540 million attack on the Ronin bridge in 2022, according to blockchain analysis firm Elliptic.
As the crypto industry continues to grow, the threat from these leaks is becoming increasingly significant, as the ten largest crypto exchanges, including Coinbase and Binance, announced more than 1,200 new launches in May.
*This is not investment advice.