North Korean hackers penetrate crypto companies via job postings: report

North Korean hackers are infiltrating crypto job postings, according to a report by trade publication DL News .

“[M]ounting evidence suggests a number of these bogus applicants appear to be North Korean nationals who are trying to infiltrate crypto projects for nefarious purposes, including gathering sensitive data, hacking, and stealing assets,” according to an article posted Monday.

The problem isn’t relegated just to the crypto industry; according to the United Nations Security Council, more than 4,000 North Koreans have been hired by Western technology firms. These “fake hiring schemes” earn the Hermit Kingdom over $600 million in revenue, according to the UN.

However, recent evidence has suggested one of the ways North Korea has looked to target crypto firms is by placing units on the inside. Security expert and MetaMask developer Taylor Monahan has written extensively about how hackers use “social engineering” to worm their way into companies or access sensitive information.

One long-time method, Monahan wrote in a recent thread on X :

• “Contact employee via social/messaging app"
• “Direct them to a Github for a job offer, "skills test," or to help with a bug"
• “Rekt individual's device"
• “Gain entry to company's AWS"
• “Rekt company (and their users)"

Monahan cited two examples of conversations shared with her between employees of an unnamed company allegedly contacted by North Korean hackers. The would-be infiltrators seemingly follow a script to get unsuspecting developers to download malware.

Likewise, according to DL New’s investigation, hackers are said to follow a script when applying to multiple jobs and often copy the resumés or LinkedIn profiles of real people. The problem is complicated given that pseudonymity is embraced by the crypto community.

Exploits remain a massive issue across the industry with investors thought to have lost at least $664 million in the first half of 2024 alone, according to DeFiLlama. North Korean actors are especially prolific and are allegedly behind some of the largest crypto hacks to date including the Ronin bridge , DMM Bitcoin crypto exchange and Estonia-based Atomic Wallet .

The UN estimates North Korean hackers have stolen $3 billion worth of crypto assets to date.