
Security agencies: Up to 15% to 20% of cryptocurrency companies have North Korean agents infiltrating them

Nov 24, 2025 12:10:55


According to Pablo Sabbatella, a member of the Security Alliance and founder of the Web3 auditing company opsek, North Korea's infiltration into the crypto industry is "far beyond what anyone imagines." At the Devconnect conference, Pablo Sabbatella stated that as many as 15% to 20% of crypto companies have North Korean agents lurking. He estimates that 30% to 40% of all job applications received by crypto companies are attempts by North Korean agents to infiltrate these organizations. He warned that if these estimates are accurate, the potential scope of damage would be staggering.

Sabbatella pointed out that the scale of North Korean infiltration is not just about hackers stealing funds (thefts that have amounted to billions of dollars over the past three years and fund nuclear weapons programs), but also includes workers being hired by legitimate companies, thereby gaining access to systems and operating the infrastructure that supports major crypto companies. Regarding how they are hired, Sabbatella explained that North Korean workers primarily look for unsuspecting remote workers around the world to act as "fronts." These recruiters reach out to individuals from Ukraine, the Philippines, and other developing countries on freelance platforms like Upwork and Freelancer. The offer they make to collaborators is to hand over verified account credentials or allow North Korean agents to remotely use their identities in exchange for 20% of the profits, while the North Korean agents keep 80%.

Sabbatella stated that many North Korean hackers target the United States, finding an American to act as a "front," and then pretending to be a Chinese person with limited English skills to secure interview opportunities. They infect the "front's" computer with malware, thereby obtaining a U.S. IP address and access to most of the internet that is not reachable from North Korea. Once hired, companies keep them because they "perform well, have a high workload, and never complain." Sabbatella also noted that the success of North Korean criminal activities lies not only in clever social engineering but also in the operational security shortcomings of crypto companies and users themselves. He bluntly stated that the crypto industry "may have the worst opsec in the entire computer industry," with many founders "having their information completely public, doing a very poor job of securely holding private keys, and being easy victims of social engineering."
