Up to one-fifth of all crypto companies may have North Korean workers embedded in their operations, a security expert warned at Devconnect in Buenos Aires.
Summary
- Up to 20% of crypto companies may unknowingly have North Korean workers embedded.
- An estimated 30–40% of crypto job applicants are DPRK attempts to infiltrate firms.
- North Korea has stolen over $3B in crypto in three years, funding nuclear programs.
Pablo Sabbatella, who founded web3 audit firm Opsek and serves as a Security Alliance member, shared estimates that suggest the problem extends far beyond isolated incidents.
Job applications flooding into crypto firms show an even more troubling picture. Sabbatella estimates that roughly 30% to 40% of applicants are North Korean attempts at gaining employment.
Sanctions evasion through identity theft schemes
International sanctions prevent North Koreans from applying for jobs under their real identities. The workaround involves recruiting people in other countries to serve as fake employees.
Freelance platforms like Upwork and Freelancer have become hunting grounds for these recruiters, who target workers in Ukraine, the Philippines, and similar nations.
The arrangement splits earnings 80-20, with the North Korean agent taking the larger share. Collaborators provide verified credentials or allow remote use of their identity.
U.S. companies face particular targeting. North Korean agents claim to be non-English speaking Chinese applicants who need interview assistance.
The “front person” gets their computer infected with malware during this process and grants the agent access to American IP addresses and overall internet access than North Korea allows.
Companies often retain these workers long-term. “They work well, they work a lot, and they never complain,” Sabbatella told local news. Performance keeps suspicions low while access to sensitive systems grows.
Weak security practices enable massive theft operations
Pyongyang’s cyber operations have netted over $3 billion in stolen cryptocurrency across three years, according to U.S. Treasury Department figures from November.
The stolen funds flow directly into North Korea’s nuclear weapons development programs.
Sabbatella placed blame squarely on industry practices. Crypto companies show weaker operational security than any other computing sector, he argued.
Founders publicly reveal their identities, mishandle private keys, and succumb to manipulation tactics.
