A recent crypto investigation has delved into one of the sector’s biggest problems, revealing that its scope may be greater than suspected. The report showed how North Korean hackers targeted and infiltrated the industry, exposing numerous legal and security risks for companies and investors.
DPRK Access Targets Every Industry
CoinDesk recently published an investigation detailing how North Koreans infiltrated the industry, finding that more than a dozen crypto companies have fallen victim to the country’s tactics to bypass sanctions and cash in on these projects.
The report revealed that several companies, including well-established projects such as Fantom, Injective, Yearn Finance, ZeroLend, and Sushi, had inadvertently hired IT workers in the Democratic People’s Republic of Korea (DPRK).
Furthermore, it revealed the magnitude of the problem as interviews with several founders, industry experts, and blockchain researchers indicated that hacking is “much more common” than expected.
During the investigation, many of the employers interviewed said that they had interviewed and employed suspected DPRK engineers or knew someone who had.
Blockchain developer Zaki Manian revealed that he unknowingly hired two North Korean IT workers in 2021 to help develop the Cosmos Hub blockchain. He said that “everyone is struggling to filter these people” as the chances of an applicant coming from the DPRK “are greater than 50% in the entire industry.”
On-chain investigator ZachXBT revealed an array of North Korean operations in August, sharing that he had found more than 25 crypto projects with DPRK-linked developers active since June 2024.
The crypto sleuth shared the names and addresses of 21 IT workers who had joined the industry in just those three months. Additionally, he found that North Korea was “earning $300K – $500K / month working on 25+ projects at once using fake identities.”
Crypto Hacks Are Not Like Hollywood Movies
The report explained that North Korea’s cyberattack “doesn’t resemble the Hollywood version of hacking.” Instead, the hackers often rely on some form of social engineering, hoping to gain access to the project’s private keys, usually through a malicious link.
Taylor Monahan, Product Manager at MetaMask, said: “Until now, we have not seen the DPRK perform a real exploit. It’s always social engineering, then compromising the device, then compromising the private keys.”
North Korean engineers use fake documents to hide their true nationality, as hiring workers from the DPRK is prohibited in many countries due to sanctions. After being hired, rogue actors first do a good job to earn the trust of their employers.
However, inconsistencies in their activity and discrepancies in their stories start to appear as time goes by, leading crypto companies to realize that they are the target of a coordinated attack. Sometimes, teams find that they have been working with more than one person who presented as a single individual, or that many of their employees are actually one person.
As reported by Bitcoinist, the Ethereum Layer-2 NFT gaming platform Munchables was the victim of this type of attack. In March, the project lost, and later recovered, more than $60 million in crypto after a developer turned hacker.
The hack was exposed as an inside job, and several industry figures, such as Laura Shin and ZachXBT, linked it to the North Korean government. In addition, it was suspected that the four developers in the group were all the same person.
Finally, the investigation showed that several crypto projects that employed DPRK IT staff later became victims of hacking, including Sushi in 2021 and, most recently, Delta Prime in September 2024.
Total crypto market cap is at $2.09 trillion in the weekly chart. Source: TOTAL on TradingView