Recently, a cryptocurrency investigation delved into one of the industry's biggest problems, revealing that its reach could be greater than suspected. The report exposed how North Korean hackers have attacked and infiltrated the sector, posing many legal and cybersecurity risks to companies and investors.
DPRK infiltration targets entire industry
CoinDesk recently published an investigation detailing how North Koreans have infiltrated the industry and found that more than a dozen crypto companies had fallen victim to the country's tactics to circumvent sanctions and receive money from these projects.
The report revealed that several companies, including well-established projects such as Fantom, Injective, Yearn Finance, ZeroLend and Sushi, had inadvertently hired IT workers from the Democratic People's Republic of Korea (DPRK).
Furthermore, it exposed the extent of the problem, as interviews with several founders, industry experts, and blockchain researchers showed that infiltration is “much more frequent” than expected.
During the investigation, most of the hiring management teams consulted revealed that they had interviewed and hired suspected DPRK developers or knew someone who had done so.
Blockchain developer Zaki Manian revealed that he unknowingly hired two North Korean IT workers in 2021 to help develop the Cosmos Hub blockchain. He stated that “everyone is struggling to filter out these people,” as the probability of a job applicant being from the DPRK “is over 50% industry-wide.”
On-chain researcher ZachXBT exposed North Korea's exploit chain in August (x.com/zachxbt/status/1824047425822310580), sharing that he had discovered more than 25 crypto projects with developers linked to the DPRK that have been active since June 2024.
The crypto detective shared the names and addresses of 21 IT workers who had infiltrated the industry in just those three months. Additionally, he discovered that North Korea was “receiving between $300,000 and $500,000 per month for working on more than 25 projects at a time through the use of false identities.”
Crypto hacks are not like Hollywood movies
The report explained that North Korean cyberattacks “do not tend to resemble the Hollywood version of hacking.” Instead, hackers tend to use some version of social engineering, gaining the team's trust to gain access to the project's private keys, usually through a malicious link.
Taylor Monahan, product manager at MetaMask, stated: “To date, we have never seen the DPRK do an actual exploit. It’s always social engineering, and then compromising the device, and then compromising the private keys.”
North Korean developers disguise their true nationality with false documentation, as hiring workers from the DPRK is prohibited in many countries due to sanctions. After being hired, malicious actors initially do a good job of gaining the trust of their employers.
However, inconsistencies and discrepancies in their work and history begin to emerge as time passes, causing crypto companies to realize that they have been the target of a coordinated attack. Sometimes teams discover that they have been working with more than one individual who introduced themselves as a single person or that several of their employees are all one person.
As Bitcoinist reported, Ethereum Layer-2 NFT gaming platform Munchables was the victim of such an attack. In March, the project lost, and then recovered, more than $60 million in cryptocurrency after a developer became a hacker.
The heist was revealed to be an inside job and was linked to the North Korean government by several industry figures such as Laura Shin and ZachXBT. Additionally, four of the team's developers were suspected of being all one person.
Ultimately, the investigation showed that several crypto projects employing DPRK IT workers were victims of attacks, including Sushi in 2021 and, more recently, Delta Prime in September 2024.
Total crypto market cap is at $2.09 trillion in the weekly chart. Source: TOTAL on TradingView
Featured image from Unsplash.com, chart from TradingView.com