"They work efficiently, work long hours, and never complain."
Author: Pedro Solimano, DL News
Translation: Deep Tide TechFlow

Pablo Sabbatella, a member of SEAL and founder of the Web3 auditing company Opsek
Source: Pedro Solimano
North Korean agents have infiltrated 15%-20% of crypto companies.
According to a SEAL member, 30%-40% of job applications in the crypto industry may come from North Korean agents.
The crypto industry has been criticized for having "the worst operational security (opsec) in the entire computer industry," said Pablo Sabbatella.
The extent of North Korea's infiltration into the crypto industry is far beyond what people realize.
Pablo Sabbatella, founder of the Web3 auditing company Opsek and current member of the Security Alliance, revealed shocking information at the Devconnect conference in Buenos Aires: North Korean agents may have infiltrated up to 20% of crypto companies.
"The situation in North Korea is much worse than people think," Sabbatella said in an interview with DL News. He added that 30%-40% of job applications in the crypto industry may come from North Korean agents trying to infiltrate relevant organizations.
If these estimates are true, the potential for damage would be incredible.
More importantly, North Korea's infiltration is not just about stealing funds through hacking techniques, although they have already stolen billions of dollars through sophisticated malware and social engineering methods. The bigger issue is that these agents could be hired by legitimate companies, gaining system access and manipulating the infrastructure that supports major crypto companies.
According to a report from the U.S. Treasury Department last November, North Korean hackers have stolen over $3 billion in cryptocurrency in the past three years. These funds have subsequently been used to support Pyongyang's nuclear weapons program.
How do North Korean agents infiltrate the crypto industry?
North Korean workers typically do not apply for positions directly, as international sanctions prevent them from participating in the hiring process under their real identities.
Instead, they look for unsuspecting global remote workers to act as "agents." Some of these agents have even transitioned into recruiters, helping North Korean agents use stolen identities to hire more overseas collaborators.
According to a recent report from the Security Alliance, these recruiters reach out to individuals around the world through freelance platforms like Upwork and Freelancer, primarily targeting Ukraine, the Philippines, and other developing countries.
Their "deal" is quite simple: provide verified account credentials or allow North Korean agents to remotely use your identity. In return, the collaborators can earn 20% of the income, while the North Korean agents keep 80%.
Sabbatella stated that many North Korean hackers target the United States.
"Their approach is to find Americans to be their 'front end,'" Sabbatella explained, "They pretend to be from China, don’t speak English, and need someone to help them with interviews."
Then, they infect the "front end" person's computer with malware to obtain a U.S. IP address and access more internet resources than they could in North Korea.
Once hired, these hackers are usually not dismissed, as their performance satisfies the company.
"They work efficiently, work long hours, and never complain," Sabbatella said in an interview with DL News.
Sabbatella provided a simple test method: "Ask them if they think Kim Jong-un is a weirdo or if there’s anything wrong with him." He said, "They are not allowed to say anything bad."
Vulnerabilities in Operational Security
However, North Korea's success relies not only on sophisticated social engineering.
Crypto companies—and users—make it easier.
"The crypto industry may have the worst operational security (opsec) in the entire computer industry," Sabbatella said. He said founders in the crypto industry are "fully doxxed, perform poorly in protecting private keys, and are easily victimized by social engineering."
Operational Security (OPSEC) is a systematic process used to identify and protect critical information from adversarial threats.
The lack of operational security leads to a high-risk environment. "Everyone's computer will almost certainly be infected with malware at least once in their lifetime," Sabbatella stated.
Update Note
Update: This article has been updated to clarify Sabbatella's statement, indicating that North Korea does not control 30%-40% of crypto applications; the aforementioned ratio actually refers to the proportion of North Korean agents among job applications in the crypto industry.