The U.S. government has recently ramped up warnings that North Korean IT specialists are sneaking into tech companies, including crypto firms, and funneling their earnings to fund the Democratic People's Republic of Korea's (DPRK) nuclear weapons program.

But they're a bit late. More than a dozen crypto companies have already admitted they unknowingly hired IT specialists from North Korea. Almost every hiring manager from these companies admitted to having interviewed supposed North Korean developers, hiring them unintentionally. 

How Fake Workers Slip Through

According to a 2024 United Nations report, these IT specialists are raking in up to $600 million annually for Kim Jon Un's regime. Several prominent blockchain projects were identified among the accidental North Korean employers, including Cosmos Hub, Injective, ZeroLend, Fantom, Sushi, and Yearn Finance.

North Korean IT workers are notorious for using stolen or fake IDs that can slip through without specialized background checks.

hodl-post-image
"Naoki Murano" provided an authentic-looking Japanese passport. Source: Coindesk

A dozen companies that provided records confirmed they had previously found suspected North Korean IT workers on their payrolls. Some declined further comment due to fears of legal consequences, while others shared their experiences in the hope others could learn from their misfortune.

Take Stefan Rust, founder of the crypto company Truflation. He unknowingly hired his first North Korean employee through Telegram. "Ryuhei" claimed to be from Japan, but strange discrepancies started popping up soon after the hire.

Rust recalls:

At one point, I'm chatting with this guy, and he said he got caught in an earthquake. The problem is, that there hasn’t been an earthquake in Japan recently. Then the employee started missing calls, and when he did show up, “it wasn’t him.” Whoever was on the other end had mysteriously lost his Japanese accent.

Turns out, Rust’s hiring fiasco was part of a coordinated DPRK scheme, and eventually, he learned that over a third of his team were North Koreans. 

hodl-post-image
Forged Texas driver's license, suspected to be a North Korean national. Source: Coindesk

Hiring workers from North Korea is illegal in the U.S. and other countries enforcing sanctions against the regime. Apart from legal headaches, it’s also a security nightmare. Several companies that hired North Korean IT specialists have subsequently been hacked.

The Cost of Blind Hiring

Remember the September 2021 incident? MISO, a platform created by Sushi to launch crypto tokens, lost $3 million in a heist. The attack was likely related to Sushi hiring two developers tied to North Korea.

At the time, Joseph Delong, the CTO of Sushi, traced the MISO hack to two freelance developers using the names Anthony Keller and Sava Grujic. Delong now suspects that these developers (who may have been one person or an organization) inserted malicious code into the MISO platform, rerouting funds into a wallet they controlled.

Grujic under the pseudonym “Aristok3”, executed the hack on September 2nd, diverting $3 million into a fresh crypto wallet.

The Big Picture

In the past seven years, North Korea has stolen over $3 billion in cryptocurrency through hacks, according to the UN. In 2023 alone, nearly half of the hacks linked to North Korea involved thefts carried out by their IT specialists. 

It’s illegal to pay North Korean workers in the U.S., whether you know about it or not — a legal concept called “strict liability.” Hiring DPRK workers can bring legal risks to any company doing business in countries enforcing sanctions against North Korea, regardless of where the company is based.

Luckily, so far, neither the U.S. nor any other UN member state has prosecuted a crypto company for hiring North Korean IT specialists. Authorities have been somewhat lenient, recognizing that many firms are victims of an exceptionally sophisticated identity fraud scheme — or at worst, a prolonged scam of the most embarrassing kind.

North Korea Hackers Siphon Institutional Crypto Reserves | HODL FM
North Korean hackers exploit browser flaws and social engineering…
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice of this sort, HODL FM strongly recommends contacting a qualified industry professional.