Aztec Network growth lead Jonathan Wu claims he may have interviewed a North Korean hacker for a job at the Ethereum layer two (L2) privacy protocol.
North Korean hackers are notorious for pillaging billions of dollars from the cryptocurrency industry, particularly in DeFi, according to the U.S. Federal Bureau of Investigation (FBI).
The latest hit involves the theft of $620 million from Axie Infinity’s Ronin Network bridge by North Korean-backed hacker group Lazarus, the FBI alleged.
Posting on Twitter, Wu laid out details about a job interview he had by video with one ‘Bobby Sierra,’ a Solidity engineer supposedly from Hong Kong. He found Sierra, who claimed “6+ years of rich experience,” via jobs platform Greenhouse.
But the character, believed to be from North Korea, could neither clearly describe his skillset nor explain projects he claimed to have previously worked on. For example, Sierra failed to clarify his alleged experience at F2Pool, one of the largest Bitcoin and Ethereum mining pools in the world.
Instead, he mentioned “completely random” DAO and NFT projects like BoredBunnies and MetaverseDAO. Sierra listed 12 GitHub commits over the previous 12 months, experience which is far from “rich” for a blockchain developer.
Multiple red flags: ‘The world will see the great result from my hands’
Wu said the applicant’s camera was off during the entire video conversation, and there was loud background noise of people speaking a mixture of Korean and English. Also, Sierra falsified his location, pretending in his cover letter to be an engineer based in Ontario, Canada.
There were several red flags, including the repeated use of “okay” as a pause filler (a custom among indigenous Koreans), poor English, and a suspicious accent. But, according to Wu, the greatest giveaway was perhaps the inclusion of the phrase “the world will see the great result from my hands” in the curriculum vitae of ‘Bobby Sierra.’
Cursing, the Aztec growth lead said:
“Immediately I’m like, this m********ker sounds like a Bond villain. I’m picturing a dude whose arm is actually a laser cannon and his eyeball is made of plutonium or some s**t. Who f***ing talks like that?”
Wu eventually abandoned the interview, worried that the character might not be a genuine job seeker but an attacker looking to exploit Aztec Network from the inside. He is not sure about the nature of a future attack, whether this was a social engineering scare or an attempt to “gain access to our codebase and push a malicious change.”
Hacker tricks evolving
With each passing day, hackers are trying more tricks. Now, they seek to embed themselves as employees in crypto companies. Hackers have stolen more than $1.22 billion from the decentralized finance (DeFi) market this year alone.
The FBI alleges that North Korean hacker groups have been reaching out to crypto services pretending to be job seekers or programmers, so they can understand how their processes work.
“The activity involves social engineering of victims using a variety of communication platforms to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems,” it said in an advisory on April 20.
“The cyber actors then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps,” it added.