How North Korean IT Workers Secretly Infiltrate Crypto Firms

• North Korean IT workers infiltrated crypto companies. 
• Companies include Fantom, Sushi, and Injective.
• North Korea uses foreign labor to get revenue. 

When North Korea and crypto appear in the news together, it’s usually not a good sign. It usually has to do with either crypto hacks by the infamous Lazarus Group , or some type of sanctions violation. The most recent case is no different. 

A series of reports have uncovered how crypto companies unknowingly hired several North Korean IT workers. These workers used fake IDs and references to bypass checks. Other than potentially compromising major crypto companies, they also funnel money back to the North Korean regime. 

North Korean Workers Infiltrating Crypto Companies

North Korean workers are exploiting the crypto space in a new way. According to recent reports, individuals from the DPRK have gotten jobs at companies like Injective, ZeroLend, Fantom, and Sushi. 

These workers used face documentation to pass background checks. They also forged their work histories to gain attractive positions in these companies. In some cases, North Korean employees found jobs on freelance platforms or community-driven job boards. These are less likely to have strong vetting processes. 

Due to many crypto companies employing a remote workforce, it is often difficult for them to vet their employees. This is why many of these companies have discovered North Koreans in their workforce only after US government agencies alerted them over suspicious blockchain transactions. 

Why North Korean Hackers Are Looking For Jobs in Crypto

North Korean IT workers are looking for jobs in crypto for several reasons. The more obvious reason is to get privileged access to companies that handle millions. For example, in August, crypto investigator ZachXBT uncovered a $1.3 million hack and tied it back to North Korean contractors. 

Another such instance was that of the Sushi Swap’s $3 million hack in 2021. Later, investigators discovered that North Korean IT workers were instrumental in the hack. Even beyond hacking opportunities, North Korean workers seek jobs abroad to funnel the money back to the regime. 

According to the UN, the DPRK regime earns as much as $600 million annually from its workforce abroad. This money is a key source of foreign currency for the financially struggling regime. This also prompted the US to issue a warning about North Korean workers posing as IT specialists from other locations.  

On the Flipside

In 2022, reports showed North Korean hackers stealing LinkedIn and Indeed profiles to look for work. 

According to the UN, between 2017 and 2023, North Korean hackers stole $3 billion in 58 crypto cyberattacks. 

Why This Matters

North Korean IT workers in the crypto industry pose a significant risk to global security and the crypto ecosystem. These workers funnel money to the DPRK, while also exposing crypto projects to risks of hacking. 

Read more about North Korean hackers: 
Microsoft Flags North Korean Hacker Targeting Crypto Users on Chromium

Read more about crypto exchanges pushing for compliance: 
As Exchanges Push Compliance, GRVT Partners with ComplyCube