
Covert War: North Korean Hackers Have Infiltrated 20% of Crypto Companies
They work efficiently, have long working hours, and never complain.
Author: Pedro Solimano, DL News
Translation: TechFlow

Photo: Pablo Sabbatella, SEAL member and founder of Web3 auditing firm Opsek. Source: Pedro Solimano
- North Korean agents have infiltrated 15%-20% of crypto companies.
- A SEAL member revealed that 30%-40% of job applications in the crypto industry may come from North Korean agents.
- The crypto industry is criticized as having "the worst operational security (opsec) across the entire computer industry," according to Pablo Sabbatella.
North Korea's infiltration into the crypto sector is far more extensive than previously understood.
Pablo Sabbatella, founder of Web3 auditing firm Opsek and current member of Security Alliance, made explosive claims at the Devconnect conference in Buenos Aires: North Korean agents may have infiltrated up to 20% of cryptocurrency companies.
"The situation with North Korea is much worse than people realize," Sabbatella told DL News. He added that 30%-40% of job applications in the crypto industry may originate from North Korean agents attempting to infiltrate organizations this way.
If these estimates are accurate, the potential damage would be staggering.
Moreover, North Korea’s infiltration isn’t solely about stealing funds through hacking—though they’ve already siphoned off billions via sophisticated malware and social engineering. The bigger concern is that these agents are being hired by legitimate firms, gaining system access, and manipulating the infrastructure underpinning major crypto companies.
According to a November report from the U.S. Treasury Department, North Korean hackers have stolen over $3 billion in cryptocurrency over the past three years. These funds were then used to support Pyongyang's nuclear weapons program.
How Are North Korean Agents Infiltrating the Crypto Industry?
North Korean workers typically do not apply for jobs directly, as international sanctions prevent them from participating in hiring processes under their real identities.
Instead, they identify unwitting remote workers around the globe to act as "proxies." Some of these proxies have even evolved into recruiters, helping North Korean agents use stolen identities to hire additional overseas collaborators.
According to a recent Security Alliance report, these recruiters reach out to individuals worldwide via freelance platforms like Upwork and Freelancer, primarily targeting Ukraine, the Philippines, and other developing countries.
Their "deal" is simple: provide verified account credentials or allow North Korean agents to remotely operate using your identity. In return, collaborators receive 20% of the income, while the North Korean agent keeps 80%.
Sabbatella said many North Korean hackers specifically target Americans.
"They find Americans to serve as their 'front-end,'" Sabbatella explained. "They pretend to be someone from China who doesn't speak English and needs help attending interviews."
Then, they infect the "front-end" person's computer with malware, gaining access to a U.S. IP address and broader internet resources than are available within North Korea.
Once hired, these hackers are rarely fired, as their performance satisfies employers.
"They're highly productive, work long hours, and never complain," Sabbatella told DL News.
Sabbatella offered a simple test: "Ask them if they think Kim Jong-un is strange or has any flaws. They're not allowed to say anything negative."
Operational Security Vulnerabilities
However, North Korea’s success isn’t just due to clever social engineering.
Crypto companies—and users—have made it easier.
"The crypto industry likely has the worst operational security (opsec) across the entire computer industry," Sabbatella said. He criticized crypto founders for being "fully doxxed, poorly protecting private keys, and highly vulnerable to social engineering."
Operational Security (OPSEC) is a systematic process for identifying and protecting critical information against adversarial threats.
The lack of OPSEC creates a high-risk environment. "Almost everyone's computer will be infected with malware at least once in their lifetime," Sabbatella said.
Update Note
Update: This article has been updated with clarification from Sabbatella, who stated that North Korea does not control 30%-40% of crypto applications; rather, the figure refers to the proportion of job applications in the crypto industry coming from North Korean agents.














