The cryptocurrency sector is facing a formidable challenge as investigations reveal the alarming extent of North Korean infiltration. This exploration sheds light on how North Korean hackers have deeply penetrated the industry, posing substantial legal and cybersecurity risks for businesses and investors alike.
DPRK Infiltration Targets the Entire Cryptocurrency Sector
A comprehensive investigation by CoinDesk found that North Korean operatives have been hired, under false identities, by numerous cryptocurrency companies. More than a dozen prominent crypto firms, including Fantom, Injective, Yearn Finance, ZeroLend, and Sushi, unknowingly employed IT workers from the Democratic People’s Republic of Korea (DPRK). The placements are part of a broader DPRK effort to evade international sanctions and route income through these projects.
The problem is far more pervasive than previously assumed. Interviews with company founders, industry experts, and blockchain researchers showed that the infiltration reaches well beyond the named firms: many hiring managers admitted to having interviewed or hired suspected DPRK developers, or knew a colleague who had.
Blockchain developer Zaki Manian shared his experience of unknowingly hiring two North Korean IT workers in 2021 to assist with the development of the Cosmos Hub blockchain. He emphasized the difficulty in filtering out such applicants, stating the likelihood of encountering DPRK applicants might exceed 50% throughout the industry.
On-chain investigator ZachXBT added to the picture in August, reporting that he had identified over 25 crypto projects with DPRK-associated developers active since June 2024. By his estimate, North Korea was earning between $300K and $500K per month from this network, with operatives working on more than 25 projects simultaneously under fake identities.
Understanding the Real Nature of Crypto Hacks
Contrary to dramatized Hollywood portrayals, North Korean cyberattacks rely primarily on social engineering rather than novel technical exploits. Operatives embed themselves in teams, earn trust, and then use that insider position to reach sensitive project material such as private keys, frequently by getting a target to open a malicious link.
Taylor Monahan, Product Manager at MetaMask, explained that DPRK hackers have not been seen executing traditional exploits. Instead, they excel at social engineering, compromising devices, and eventually gaining access to private keys. These workers use fake documentation to conceal their nationality, since hiring DPRK nationals is prohibited in many countries under sanctions. Initially they perform competently enough to build trust with their employer. Over time, however, inconsistencies in their work and backgrounds surface, and it becomes clear that the company is dealing with a coordinated operation rather than an ordinary hire.
An example of such an attack was experienced by the Ethereum Layer-2 NFT gaming platform Munchables, which reported a loss and subsequent recovery of over $60 million in crypto due to an internal breach. This incident, linked by industry figures like Laura Shin and ZachXBT to the North Korean government, exposed the potential for multiple developers to be, in fact, one individual.
The investigation also documented a recurring pattern: several crypto projects that had employed DPRK IT workers later suffered significant hacks, including Sushi in 2021 and DeltaPrime in September 2024.
The cryptocurrency market continues to grow, currently standing at a market cap of $2.09 trillion, underscoring the need for enhanced security measures and vigilance against such infiltrations.