North Korean IT Workers Frequently Infiltrate Crypto Firms, Lurk and Then Hack

On October 2, CoinDesk reported that more than a dozen cryptocurrency companies unknowingly hired IT workers from the Democratic People's Republic of Korea (DPRK), including established blockchain projects such as Injective, ZeroLend, Fantom, Sushi, Yearn Finance, and Cosmos Hub. Using fake IDs, these workers managed to pass interviews, pass background checks, and provide real work history.

Hiring North Korean workers is illegal in the U.S. and other countries that sanction North Korea, and multiple companies have hired and subsequently hacked North Korean IT workers. “Everyone is trying to filter out these people,” said Zaki Manian, a prominent blockchain developer. He inadvertently hired two North Korean IT workers to help develop the Cosmos Hub blockchain in 2021.

U.S. authorities have recently stepped up warnings that North Korean information technology (IT) workers are infiltrating tech companies and using the proceeds to fund nuclear weapons programs. An investigation revealed that North Korean job seekers are particularly aggressive and frequent in targeting cryptocurrency companies - successfully passing interviews, passing background checks, and even displaying an impressive history of code contributions on the open-source software repository GitHub.