North Korean hackers infiltrate cryptocurrency job sites in ‘silent war’ that nets $600 million – DL News

  • Fake candidates test crypto’s adoption of anonymity.
  • According to the UN, 4,000 North Koreans are trying to break into the tech sector by finding jobs.
  • “There is a kind of silent war going on,” says one expert.

Hiring in the crypto industry has never been easy.

Finding skilled developers is difficult, as is managing remote workers across multiple time zones.

Now, recruiting staff in the cryptocurrency space is about to get even more difficult.

A DL News investigation has revealed that fake candidates are flooding job sites with falsified resumes.

Additionally, mounting evidence suggests that a number of these fake candidates appear to be North Korean nationals attempting to infiltrate crypto projects for malicious purposes, including collecting sensitive data, hacking, and stealing assets.

“It’s an operational risk for the industry,” Shaun Potts, founder of Plexus, a crypto recruitment firm, told DL News. “It’s a permanent phenomenon, in the same way that hacking is a common practice in the technology sector. We can’t stop it, but we can minimize the risks.”

Concealing identities

According to the United Nations Security Council, more than 4,000 North Koreans have been forced to seek work in the Western tech sector while concealing their identities. This includes the crypto industry.

Over the past seven years, North Korean hackers have stolen $3 billion worth of crypto assets in 58 suspected cyber thefts, the council said in a recent 615-page report.

While it is unclear how many of these thefts were carried out with the help of fake employees, experts fear this trend may only be beginning.

That’s because it’s a very lucrative business. According to the UN, this fake recruitment system alone earns North Korea up to $600 million a year.

“They have very limited amounts of resources that they can sell to China,” Taylor Monahan, principal security researcher at crypto wallet MetaMask, told DL News. “So they generate income by illegally selling resources, doing computer work, doing hard labor and hacking computers.”

New challenge

This development presents a new challenge for a sector that is becoming mainstream. With the launch of Bitcoin ETFs, Wall Street has embraced crypto as an asset class. DeFi mainstays such as Solana and Aave are recording increasing income and developing their activities.

The last thing crypto needs is an army of fake job applicants as the industry grows and demand for new recruits increases.

Ten of the largest cryptocurrency exchanges, including Coinbase and Binance, recorded more than 1,200 new openings in May. Layoffs are also slowing down.

According to data from Layoffs.fyi, the number of unemployed people in the cryptocurrency sector fell dramatically in the first quarter compared to the same period last year.

“Everyone I know is either working on another project or is unavailable,” Zak Cole, co-founder of crypto venture studio Number Group, told DL News. “How are we going to attract new talent?”

The answer: cast a wider net.

AI Research

Instead of going to a formal recruiting agency, Cole and his co-founders used an artificial intelligence tool called Applyr AI to screen candidates. It uses AI to flag keywords in resumes that match their criteria.

The results are mixed. In a video interview with Number Group, one candidate who had listed Dutch as his mother tongue hung up when asked to speak in that language.

Another candidate’s GitHub profile — a LinkedIn for programmers — was only created a month ago, even though he was applying for a senior developer position.

On another resume, a candidate for a remote job listed a state penitentiary in Texas as his home address.

When asked if he was actually living in a prison, the applicant replied: “Yes.”

Cole’s biggest concern was making sure the candidates were who they said they were.

He said a pattern emerged as he went through them and arranged interviews: Many refused to turn on their cameras.

Video calls

Often, what they said in interviews contradicted what was written on their resume. In other words, they lied.

“They all have the same type of storyline,” Cole said. He added that their backgrounds were also blurred if they appeared on camera and were calling from a room with other people.

Karolis Kundrotas, a crypto industry consultant at recruiting firm Durlston Partners, said many candidates copy real LinkedIn profiles.

“It’s the exact same experiences and the same type of education as a real person,” he said. “They just added a few new roles so it shows up differently in LinkedIn search.”

Kundrotas said video calls are also key because you can see if the person is quickly reading additional information before responding.

One candidate did just that during a shared video call with DL News.

The applicant indicated that he had extensive knowledge of non-fungible tokens and crypto games, but had never heard of “Axie Infinity,” one of the largest and most well-known games in the industry.

Naturally, this is a major red flag.

Avoid background checks

Besides being a huge waste of time, these fake candidates also undermine a core pillar of crypto ethics.

Anonymity and pseudonymity are highly prized values in the cryptocurrency space. The tendency of project teams to avoid background checks and work at lightning speed like startups makes them a prime target for illegitimate hiring schemes.

For this reason, Potts says 95% of his clients have stopped hiring pseudonymous developers.

“People underestimate the security of many cryptocurrencies,” said MetaMask’s Monahan. “It’s actually not that uncommon for a random project to hire someone to do a job and then quickly move it forward.”

Perhaps this is what North Korea’s dormant candidates are counting on.

Monthly salary of $60,000

Some North Korean employees in the crypto industry earn up to $60,000 per month and hold multiple full-time and freelance jobs.

According to the UN report, the richest keep 30% of their income and give the rest to the authorities in Pyongyang.

Considering the reports of extreme poverty in North Korea, the sums are enormous for individuals.

This is why startups must remain vigilant.

“They will continue to flood job boards, build resumes, and attack crypto companies and projects as long as it is effective,” Monahan said.

Their work also has a geopolitical dimension.

Erin Plante, vice president of investigations at Chainalysis, said there is evidence North Korea partly funds its nuclear weapons program by hacking crypto sites. The Lazarus Group, a North Korean hacking operation, attacked Ronin Bridge for $540 million in 2022, according to blockchain analytics firm Elliptic.

In 2019, the U.S. Treasury Department’s Office of Foreign Assets Control sanctioned Lazarus.

If North Korea is using fake candidates as part of this program, that’s a major problem, said Adam Zarzinski, CEO of blockchain analytics firm Inca Digital.

“There’s a silent war going on,” Zarzinski, a former U.S. Air Force judge advocate, told DL News.

Liam Kelly is a DeFi correspondent at DL News. Contact us at liam@dlnews.com.
