Unmasking Shadows: How North Korean Cybercriminals Navigated the Crypto Space

A recent investigation into the cryptocurrency sector has unveiled significant issues, particularly focusing on North Korean hackers targeting this space. The findings indicate that the scale of the infiltration might be greater than previously thought, posing serious legal and cybersecurity concerns for both companies and investors.

North Korean Threats Affecting the Entire Industry

According to a detailed report by CoinDesk, North Korean operatives have successfully penetrated the crypto industry, with over a dozen companies becoming victims of the regime’s strategies aimed at bypassing international sanctions and extracting funds from these firms.

Prominent projects such as Fantom, Injective, Yearn Finance, ZeroLend, and Sushi were noted to have unintentionally employed IT personnel from North Korea, indicating the depth of the issue.

Interviews conducted with various founders, experts, and blockchain researchers reveal that the infiltration problem is more widespread than many had anticipated.

Many hiring teams consulted during the investigation acknowledged that they either unknowingly hired North Korean developers or were aware of colleagues who had.

Blockchain developer Zaki Manian shared that he inadvertently hired two North Korean IT workers in 2021 as part of the Cosmos Hub blockchain development. He highlighted the challenge in distinguishing such applicants, estimating that more than half of job applicants in the field might originate from North Korea.

On-chain investigator ZachXBT revealed a network of North Korean exploits, identifying over 25 crypto projects linked to developers from the DPRK active since June 2024 and sharing the identities of 21 individuals involved. He found that North Korea was earning between $300,000 and $500,000 a month through these activities by using false identities.

The Reality of Crypto Hacks

The investigation emphasized that North Korean hacking operations differ significantly from portrayals in movies. Rather than relying on complex technical breaches, these attacks often involve social engineering tactics to gain entry to projects by exploiting trust.

Taylor Monahan from MetaMask pointed out, “We have yet to see DPRK conducting a traditional cyber exploit. Their methods rely on social engineering, which leads to device and key compromises.”

To avoid detection, North Korean developers frequently provide fraudulent documentation, knowing that hiring individuals from their country is often prohibited due to sanctions. Once on board, these individuals initially work effectively to gain the trust of their employers.

Over time, however, inconsistencies in their work and narratives may surface, leading companies to realize they have been subjected to a calculated breach. It is not uncommon for organizations to discover that they have been interacting with multiple people posing as a single individual, or that a group of their employees is actually just one person.

One notable instance involved the Ethereum Layer-2 NFT game Munchables, which in March experienced a similar attack. The project initially lost over $60 million due to a developer’s betrayal, which was later linked by industry experts such as Laura Shin and ZachXBT to North Korean operatives. Additionally, suspicions arose that several developers on the team were essentially the same person.

Ultimately, the findings indicated a pattern where numerous crypto projects employing North Korean IT personnel subsequently became targets of hacking incidents, including those involving Sushi in 2021 and Delta Primes in September 2024.