North Korean hackers penetrate crypto companies via job postings: report

Quick Take

  • North Korean hackers are infiltrating crypto job postings, according to a DL News report.
  • Security expert Taylor Monahan says exploiters use “social engineering” to worm their way into company servers and access sensitive information. 
  • North Korea is reportedly behind at least $3 billion in crypto losses to date.

North Korean hackers are infiltrating crypto job postings, according to a report by trade publication DL News.

“[M]ounting evidence suggests a number of these bogus applicants appear to be North Korean nationals who are trying to infiltrate crypto projects for nefarious purposes, including gathering sensitive data, hacking, and stealing assets,” according to an article posted Monday.

The problem isn’t confined to the crypto industry; according to the United Nations Security Council, more than 4,000 North Koreans have been hired by Western technology firms. These “fake hiring schemes” earn the Hermit Kingdom over $600 million in revenue, according to the UN.

However, recent evidence has suggested one of the ways North Korea has looked to target crypto firms is by placing units on the inside. Security expert and MetaMask developer Taylor Monahan has written extensively about how hackers use “social engineering” to worm their way into companies or access sensitive information.

One long-time method, Monahan wrote in a recent thread on X:

  • “Contact employee via social/messaging app”
  • “Direct them to a Github for a job offer, ‘skills test,’ or to help with a bug”
  • “Rekt individual's device”
  • “Gain entry to company's AWS”
  • “Rekt company (and their users)”

Monahan cited two examples of conversations shared with her between employees of an unnamed company allegedly contacted by North Korean hackers. The would-be infiltrators seemingly follow a script to get unsuspecting developers to download malware.

Likewise, according to DL News’s investigation, hackers are said to follow a script when applying to multiple jobs and often copy the resumés or LinkedIn profiles of real people. The problem is complicated by the crypto community’s embrace of pseudonymity.

Exploits remain a massive issue across the industry, with investors thought to have lost at least $664 million in the first half of 2024 alone, according to DeFiLlama. North Korean actors are especially prolific and are allegedly behind some of the largest crypto hacks to date, including the Ronin bridge, the DMM Bitcoin crypto exchange and Estonia-based Atomic Wallet.

The UN estimates North Korean hackers have stolen $3 billion worth of crypto assets to date.


© 2024 The Block. All Rights Reserved.

About Author

Daniel Kuhn is a Senior Journalist and Editor at The Block, where he covers the crypto industry with a particular focus on tech. He previously served as deputy managing editor of opinion/features at CoinDesk. He first appeared in print in Financial Planning, a trade publication magazine. Before journalism, he studied philosophy as an undergrad, English literature in graduate school and business and economic reporting at an NYU professional program. You can connect with him on Twitter and Telegram @danielgkuhn or find him on Urbit as ~dorrys-lonreb.
