Crypto sleuth ZachXBT published an exposé on North Korean hackers working in the crypto industry, claiming they may occupy up to 920 IT and software development jobs.
These infiltrators are active worldwide, targeting companies across the crypto industry. Still, they often have telltale red flags, and dedicated startups can sniff out potential threats.
North Korean Hackers Are Silently Infiltrating Crypto Businesses
Since the Lazarus Group pulled off the biggest theft in crypto history this year, the industry has been wary of North Korean hackers.
Crypto crime is elevated across the board, further contributing to the panic. However, there hasn’t been a concrete analysis of potential infiltrators working in crypto, a gap ZachXBT is attempting to fill.
ZachXBT, one of the industry’s most famous sleuths, has been tracking North Koreans in DeFi for several months. Some of the first major infiltrators were unmasked in May, but the trend is increasing.
Last week, these hackers stole $1 million from several NFT projects, showing their increasing capabilities. So, how does this infiltration work?
Tracking the Breaches
Many hackers are paid exclusively in crypto, or a mix of crypto and fiat, enabling sleuths to track their blockchain data. ZachXBT tracked legitimate salary payments to clusters of suspected North Koreans, which totaled $16.58 million this year.
Many applicants worked multiple jobs at once, so there may not be 900+ simultaneous hackers.
Still, that’s a small comfort for many. North Korean hackers are likely present in almost every regional crypto industry, regardless of KYC/AML requirements.
Many smaller startups are facing a talent shortage, encouraging them to ignore potential red flags. These hackers also post fake job postings, further developing their ability to mimic normal applicants.
Nonetheless, common red flags can help companies identify these candidates during the hiring process, like sketchy digital footprints, failed KYC checks, and refusal to meet coworkers in the cities they allegedly live in.
The most important indicator, however, is shoddy performance and a high turnover rate. North Korean hackers routinely take IT and software development jobs at multiple firms at once, trying to get any inside access they can.
They are frequently unable to meet the workload, especially because they’re mainly interested in breaching security.
All that is to say, crypto startups should be able to prevent North Korean infiltration. So far, many of these techniques are surprisingly amateurish.
A security firm recently claimed that the Lazarus Group sends weaker hackers to breach companies, employing more veteran thieves to actually steal the assets. Dedicated watchers can prevent these breaches.
