North Korean Nationals Reportedly Applying for Crypto Jobs to Infiltrate Projects for Malicious Purposes

Crypto Jobs Cybersecurity North Korea
Last updated:
Journalist
Journalist
Hassan Shittu
Author Categories
About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

North Korean national fake job applicants are reportedly applying for crypto jobs to infiltrate projects for malicious purposes, making hiring even more difficult. A recent investigation has uncovered a troubling trend where doctored CVs are being used to deceive crypto companies.

Crypto Job Industry Faces New Challenges Amid Influx of Fake Applicants

According to the report by DL News, mounting evidence suggests that many of these bogus applicants are North Korean nationals aiming to infiltrate crypto projects for malicious purposes, such as gathering sensitive data, hacking, and asset theft.

“It’s an operational hazard for the industry,” said Shaun Potts, founder of the crypto-specific recruiting firm Plexus.

“It’s an ongoing thing, in the same way that hacking is a thing within tech. You can’t stop it, but you can minimise its risks.”

According to a recent United Nations Security Council report, over 4,000 North Koreans have been directed to conceal their identities and seek jobs in technology sectors, including crypto.

The council’s recent 615-page report noted that North Korean hackers have stolen $3 billion worth of crypto assets from 58 suspected cyberheists over the past seven years. The UN estimates that the fake hiring scheme alone earns North Korea up to $600 million annually.

Taylor Monahan, lead security researcher at MetaMask, explained that North Korea generates revenue by illegally selling resources, doing IT work, doing hard labor, and hacking.

This new development poses a fresh challenge for an increasingly mainstream industry, with Bitcoin ETFs and growing DeFi projects.

Zak Cole, co-founder of crypto venture studio Number Group, expressed concerns about bringing in new talent, stating, “Everyone I know is either working on another project or unavailable. How are we going to bring in new talent?”

In response to the hiring challenges, Cole and his co-founders turned to an AI tool called Applicant AI to screen applicants.

However, the results were mixed. In one case, an applicant claiming to be a native Dutch speaker hung up during a video interview when asked to speak in Dutch.

Another applicant’s GitHub profile, created only a month prior, raised red flags for a senior-level developer position. Some applicants even listed state penitentiaries as their home addresses.

Cole noted a disturbing pattern among the fake applicants: many refused to turn on their cameras during video interviews, and their responses often contradicted their CVs.

“They all have the same kind of script,” he said.

Karolis Kundrotas, a crypto-industry consultant at Durlston Partners, added that many applicants copy real LinkedIn profiles, altering them slightly to avoid detection.

Some undercover North Korean crypto employees reportedly earn as much as $60,000 monthly, holding multiple full-time and freelance jobs.

According to the UN report, these high earners keep 30% of their earnings and hand the rest to authorities in Pyongyang, contributing to the country’s significant revenue.

“They will continue to flood job posting forums, create résumés, and go after crypto companies and projects as long as it’s effective,” Monahan warned.

Lazarus Group Adopts New Tactics to Infiltrate Crypto Industry Through LinkedIn

In April 2024, blockchain security analytics firm SlowMist revealed that the notorious Lazarus Group is now posing as a blockchain developer seeking jobs in the cryptocurrency sector via LinkedIn. This alarming tactic involves hackers stealing confidential employee credentials after accessing repositories to run malicious code.SlowMist reported that the hackers invite victims to access their repositories under the pretext of conducting code reviews. Still, the snippets contain hidden malware to extract sensitive information and assets.This method is not new for the North Korean hacking group; a similar strategy was employed in December 2023 when they impersonated a fake recruiter from Meta.The impersonator contacted potential victims and requested they download two coding challenges as part of the application process.These files were laced with malware, and executing them on a work computer deployed a Trojan, enabling remote access to the system.The Lazarus Group is infamous for its sophisticated operations, stealing over $3 billion in cryptocurrency.Emerging in 2009, this organized hacking group continues to target crypto firms despite facing numerous sanctions.

More Articles

Bitcoin News
Osprey Funds Appeals Court Decision Favoring Grayscale in $2M Bitcoin Fund Case
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-11 07:45:25
Price Analysis
Bitcoin Just Bagged a $742M Boost—Is a $100K Comeback Next?
Arslan Butt
Arslan Butt
2025-02-11 07:31:50
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors