An anonymous coder working for the cryptocurrency industry could be a North Korean hacker

DL News
2024-11-18 11:48:55
This is a silent war.

Author: Liam Kelly, DL News

Compiled by: GaryMa Wu Says Blockchain

Summary

  • Fake applicants are testing the acceptance of anonymity in cryptocurrency.

  • The United Nations reports that 4,000 North Koreans have attempted to infiltrate the tech industry by obtaining jobs.

  • An expert states, "This is a silent war."

Recruiting in the cryptocurrency industry has never been an easy task.

Finding skilled developers is challenging, and managing remote workers across multiple time zones is also not easy.

Now, recruiting in cryptocurrency has become even more difficult.

DL News's investigation found that fake applicants are flooding job sites with forged resumes.

Moreover, there is increasing evidence that many of these fake applicants appear to be North Korean nationals attempting to infiltrate cryptocurrency projects for malicious purposes, including collecting sensitive data, hacking, and stealing assets.

Shaun Potts, founder of the cryptocurrency-focused recruitment firm Plexus, told DL News, "This is an operational risk for the industry; it's a persistent phenomenon, just like hacking exists in the tech industry. You can't stop it, but you can try to mitigate the risk."

Concealed Identity

According to the United Nations Security Council, over 4,000 North Koreans have been instructed to conceal their identities in an attempt to enter the Western tech industry, including the cryptocurrency sector.

In a recent 615-page report, the Security Council stated that North Korean hackers have stolen $3 billion worth of cryptocurrency assets in 58 alleged cyber theft cases over the past seven years.

While it is unclear how many of these thefts were achieved through fake employees, experts are concerned that this trend is just beginning.

"They are illegally selling resources, IT jobs, labor, and hacking skills."

- Taylor Monahan, MetaMask

Because this is big business. The United Nations states that fake recruitment schemes can earn North Korea up to $600 million annually.

Taylor Monahan, chief security researcher at MetaMask, told DL News, "The resources they can sell to China are very limited, so they generate revenue through illegal sales of resources, IT jobs, labor, and hacking skills."

New Challenges

This development poses a new challenge for an industry moving towards the mainstream. With the launch of Bitcoin ETFs, Wall Street has accepted cryptocurrency as an asset class. Revenues for DeFi stalwarts like Solana and Aave are growing, and businesses are expanding.

As the industry scales up and the demand for new employees surges, the last thing the cryptocurrency sector needs is a wave of fake applicants.

The top ten cryptocurrency exchanges, including Coinbase and Binance, posted over 1,200 new positions just in May. Layoffs are also slowing down.

According to data from Layoffs.fyi, the number of unemployed in the cryptocurrency industry decreased significantly in the first quarter of this year compared to the same period last year.

"They just added some new positions to their LinkedIn searches to appear different."

- Karolis Kundrotas, Durlston Partners

Zak Cole, co-founder of the cryptocurrency venture studio Number Group, told DL News, "Everyone I know is either working on another project or has no free time. How do we bring in new talent?"

The answer is to expand the search.

AI Search

Cole and his co-founders did not turn to formal recruitment agencies but instead used an AI tool called Applicant AI to screen candidates. This tool uses AI to flag keywords in resumes that meet their criteria.

The results have been mixed. During a video interview with Number Group, a candidate claiming to be a native Dutch speaker hung up when asked to communicate in that language.

Another candidate's GitHub profile (the programmer's equivalent of LinkedIn) was created just a month ago, yet they applied for a senior developer position.

On another resume, a candidate applying for a remote position listed a state prison in Texas as their home address.

When asked if they actually lived in the prison, the candidate replied, "Yes."

Cole's biggest concern is ensuring that candidates are who they say they are.

He noted a pattern while screening candidates and scheduling interviews: many refuse to turn on their cameras.

Video Calls

Often, what they say in interviews contradicts what is written on their resumes. In other words, they are lying.

"They all have the same script," Cole said. He noted that if they appear on camera, the background is also blurred, and they are calling from a room with other people.

Karolis Kundrotas, a cryptocurrency industry consultant at Durlston Partners, stated that many applicants are copying real LinkedIn profiles.

"The experiences are identical, and the educational backgrounds match real individuals," he said. "They just add some new positions to make them appear different in LinkedIn searches."

Kundrotas emphasized that video calls are also crucial because you can see if the person quickly reads additional information before answering.

In a video call shared with DL News, one candidate did just that.

The candidate claimed to have in-depth knowledge of non-fungible tokens (NFTs) and crypto gaming but had never heard of "Axie Infinity," one of the largest and most well-known games in the industry.

This is clearly a huge red flag.

Refusal of Background Checks

In addition to wasting a lot of time, these fake applicants also undermine a key pillar of cryptocurrency's core philosophy.

Anonymity and pseudonymity are important values in cryptocurrency. Project teams tend to refuse background checks and work at the speed of startups, making them prime targets for illegal recruitment schemes.

For this reason, Potts stated that 95% of his clients have stopped hiring pseudonymous developers.

Monahan from MetaMask said, "People underestimate the low barrier to entry in cryptocurrency. In reality, it's not uncommon for random projects to hire someone for some work and then quickly promote them."

This may be exactly what North Korean infiltrators are counting on.

Monthly Salary of $60,000

Some secret North Korean cryptocurrency employees earn up to $60,000 a month and hold multiple full-time and freelance positions.

High earners can keep 30% of their income, with the remainder going to the authorities in Pyongyang, according to the UN report.

Given North Korea's extreme poverty, these amounts are significant for individuals.

This is why startups must remain vigilant.

Monahan stated, "As long as this is effective, they will continue to post jobs on recruitment forums, create resumes, and target cryptocurrency companies and projects."

Their work also has a geopolitical angle.

Erin Plante, vice president of investigations at Chainalysis, stated that there is evidence that North Korea partially funds its nuclear weapons program through hacking cryptocurrency websites. According to data from blockchain analysis firm Elliptic, the North Korean hacker group Lazarus Group attacked the Ronin Bridge in 2022, stealing $540 million.

In 2019, the U.S. Treasury Department's Office of Foreign Assets Control sanctioned Lazarus.

If North Korea is using fake applicants as part of this scheme, it would be a significant issue, said Adam Zarzinski, CEO of blockchain analysis firm Inca Digital.

Zarzinski, a former U.S. Air Force judge, told DL News, "This is a silent war."
