Cryptocurrency Industry's Espionage War Escalates: 40% of Job Applicants Allegedly North Korean Agents?

Original Title: North Korean crypto infiltration is much worse than everyone thinks, says SEAL member

Original Author: Pedro Solimano, DL News

Original Translation: Deep Tide TechFlow

North Korean operatives have already infiltrated 15%-20% of crypto companies.

According to a SEAL member, 30%-40% of job applications in the crypto industry may originate from North Korean operatives.

The crypto industry has been criticized for having "the worst operational security (opsec) in the entire computer industry," said Pablo Sabbatella.

The extent of North Korea's infiltration into the crypto industry is far beyond people's awareness.

Pablo Sabbatella, founder of the Web3 audit company Opsek and current Security Alliance member, dropped a bombshell at the Devconnect conference in Buenos Aires: North Korean operatives may have infiltrated up to 20% of crypto companies.

"The situation in North Korea is much worse than everyone imagines," Sabbatella told DL News in an interview. He even shockingly pointed out that 30%-40% of job applications in the crypto industry may come from North Korean operatives trying to infiltrate relevant organizations in this way.

If these estimates are true, their potential for disruption would be incredibly high.

More importantly, North Korea's infiltration is not just about stealing funds through hacking techniques, although they have already stolen billions through sophisticated malware and social engineering tactics. The bigger issue is that these operatives will be hired by legitimate companies, gain system permissions, and manipulate the infrastructure supporting major crypto companies.

According to a report from the U.S. Treasury Department in November of last year, North Korean hackers have stolen over $3 billion in cryptocurrency over the past three years. These funds were subsequently used to support Pyongyang's nuclear weapons program.

How Do North Korean Operatives Infiltrate the Crypto Industry?

North Korean workers typically do not directly apply for positions because international sanctions prevent them from participating in the recruitment process under their true identities.

On the contrary, they will seek uninformed global remote workers to act as "agents." Some of these agents have even transitioned into recruiters, helping North Korean operatives use stolen identities to hire more overseas collaborators.

According to a recent report by Security Alliance, these recruiters reach out to individuals worldwide through freelance platforms (such as Upwork and Freelancer), with a focus mainly on Ukraine, the Philippines, and other developing countries.

Their "transaction" is quite simple: they provide verified account credentials or allow North Korean operatives to remotely use your identity. In return, collaborators can receive 20% of the income, while the North Korean operatives retain 80%.

Sabbatella stated that many North Korean hackers target the United States.

"Their approach is to find Americans to be their 'front end,'" Sabbatella explained, "They will pretend to be from China, unable to speak English, needing someone to help with interviews."

They will then infect the "front end" individual's computer with malware to obtain a US IP address, allowing them to access more internet resources than when in North Korea.

Once hired, these hackers are usually not dismissed because their performance satisfies the company.

"They are highly efficient, work long hours, and never complain," Sabbatella said in an interview with DL News.

Sabbatella provided a simple test method: "Ask them if they think Kim Jong Un is weird or has any flaws." He said, "They are not allowed to say anything negative."

Operational Security Vulnerabilities

However, North Korea's success does not solely rely on sophisticated social engineering.

Cryptocurrency companies—and users—have made it all easier.

"The cryptocurrency industry may be the worst in operational security (opsec) in the entire computer industry," Sabbatella said. He criticized that the founders of cryptocurrency companies are "fully doxxed, perform poorly in protecting private keys, and are easily susceptible to social engineering."

Operational Security (OPSEC) is a systematic process used to identify and protect key information from adversary threats.

The lack of operational security can lead to a high-risk environment. "Almost everyone's computer will be infected with malware at least once in their lifetime," Sabbatella said.

Update Statement

Update: This article has been updated to reflect Sabbatella's clarification that North Korea does not control 30%-40% of crypto applications; this percentage actually refers to the proportion of North Korean operatives in crypto industry job applications.