A recent investigation into the cryptocurrency sector has unveiled significant issues, particularly focusing on North Korean hackers targeting this space. The findings indicate that the scale of the infiltration might be greater than previously thought, posing serious legal and cybersecurity concerns for both companies and investors.
North Korean Threats Affecting the Entire Industry
According to a detailed report by CoinDesk, North Korean operatives have successfully penetrated the crypto industry, with over a dozen companies becoming victims of the regime’s strategies aimed at bypassing international sanctions and extracting funds from these firms.
Prominent projects such as Fantom, Injective, Yearn Finance, ZeroLend, and Sushi were noted to have unintentionally employed IT personnel from North Korea, indicating the depth of the issue.
Interviews conducted with various founders, experts, and blockchain researchers reveal that the infiltration problem is more widespread than many had anticipated.
Many hiring teams consulted during the investigation acknowledged that they either unknowingly hired North Korean developers or were aware of colleagues who had.
Blockchain developer Zaki Manian shared that he inadvertently hired two North Korean IT workers in 2021 as part of the Cosmos Hub blockchain development. He highlighted the challenge in distinguishing such applicants, estimating that more than half of job applicants in the field might originate from North Korea.
On-chain investigator ZachXBT revealed a network of North Korean exploits, identifying over 25 crypto projects linked to developers from the DPRK active since June 2024 and sharing the identities of 21 individuals involved. He found that North Korea was earning between $300,000 and $500,000 a month through these activities by using false identities.
The Reality of Crypto Hacks
The investigation emphasized that North Korean hacking operations differ significantly from portrayals in movies. Rather than relying on complex technical breaches, these attacks often involve social engineering tactics to gain entry to projects by exploiting trust.
Taylor Monahan from MetaMask pointed out, “We have yet to see DPRK conducting a traditional cyber exploit. Their methods rely on social engineering, which leads to device and key compromises.”
To avoid detection, North Korean developers frequently provide fraudulent documentation, knowing that hiring individuals from their country is often prohibited due to sanctions. Once on board, these individuals initially work effectively to gain the trust of their employers.
Over time, however, inconsistencies in their work and narratives may surface, leading companies to realize they have been subjected to a calculated breach. It is not uncommon for organizations to discover that they have been interacting with multiple people posing as a single individual, or, conversely, that a group of their employees is actually just one person.
One notable instance involved the Ethereum Layer-2 NFT game Munchables, which in March experienced a similar attack. The project initially lost over $60 million due to a developer’s betrayal, which was later linked by industry experts such as Laura Shin and ZachXBT to North Korean operatives. Additionally, suspicions arose that several developers on the team were essentially the same person.
Ultimately, the findings indicated a pattern where numerous crypto projects employing North Korean IT personnel subsequently became targets of hacking incidents, including those involving Sushi in 2021 and Delta Primes in September 2024.