Security company: North Korean hackers have penetrated 15~20% of cryptocurrency companies
North Korean agents may have infiltrated as many as 20% of cryptocurrency companies, and 30%-40% of job applications may come from North Korean agents. Working through proxies under stolen identities, they perform their jobs well, but their goal is to steal funds and manipulate system infrastructure. This article is based on an article written by Pedro Solimano, organized and compiled by DeepChao TechFlow.
Pablo Sabbatella, founder of Web3 auditing company Opsek and a current Security Alliance member, broke the news at the Devconnect conference in Buenos Aires: North Korean agents may have infiltrated as many as 20% of cryptocurrency companies.
"The situation in North Korea is much worse than everyone thinks," Sabbatella said in an interview with DL News. More alarmingly, he said that 30%-40% of job applications in the cryptocurrency industry may come from North Korean agents trying to infiltrate organizations this way.
If these estimates are true, the potential for damage would be incredible.

What's more, North Korea's infiltrations are not just about stealing money through hacking techniques, although they have stolen billions of dollars through sophisticated malware and social engineering methods. The bigger problem is that these agents are hired by legitimate companies to gain access to systems and control the infrastructure that supports major cryptocurrency companies.
North Korean hackers have stolen more than $3 billion in cryptocurrency over the past three years, according to a U.S. Treasury report in November. The funds were then used to support Pyongyang's nuclear weapons program.
How do North Korean agents infiltrate the cryptocurrency industry?
North Korean workers typically do not apply directly for positions because international sanctions prevent them from participating in the recruitment process with their true identities.
Instead, they seek out unsuspecting remote workers around the world to act as their "agents," or proxies. Some of these proxies have even become recruiters, helping North Korean agents use stolen identities to hire more overseas collaborators.
According to a recent Security Alliance report, these recruiters reach out to individuals around the world through freelance platforms such as Upwork and Freelancer, with a focus on Ukraine, the Philippines, and other developing countries.
Their "deal" is simple: provide verified account credentials or allow North Korean agents to use your identity remotely. In return, collaborators receive 20 percent of the revenue, while North Korean agents keep 80 percent.
Sabbatella said many North Korean hackers target the United States.
"What they do is they find Americans to be their 'front ends,'" Sabbatella explained. "They pretend they are from China, don't speak English, and need help with interviews."
They then infect the computers of the "front ends" with malware, thereby obtaining U.S. IP addresses and accessing more Internet resources than they could in North Korea.
Once hired, these hackers are usually not fired because their performance satisfies the company.
"They work very efficiently, they work long hours, and they never complain," Sabbatella said in an interview with DL News.
Sabbatella offers a simple test: "Ask them if they think Kim Jong-un is a weirdo or has something bad to say about him," he said. "They're not allowed to say anything bad."
Operational Security Vulnerabilities
However, North Korea's success relies on more than just sophisticated social engineering. Cryptocurrency companies and users are making this easier.
"The cryptocurrency industry probably has the worst operational security (opsec) of the entire computer industry," Sabbatella said. He criticized the founders of the cryptocurrency industry as "fully doxxed, poor at protecting private keys, and vulnerable to social engineering." Operational Security (OPSEC) is a systematic process for identifying and protecting critical information from adversaries.
A lack of operational security can lead to a high-risk environment. "Everyone's computer will be infected by malware almost once in their lifetime," Sabbatella said.