Original author: Pedro Solimano, DL News
Original translation: Deep Tide TechFlow
Pablo Sabbatella, SEAL member and founder of the Web3 auditing company Opsek Source: Pedro Solimano
North Korean agents have infiltrated 15%-20% of crypto companies.
According to a SEAL member, 30%-40% of job applications in the crypto industry may come from North Korean agents.
The crypto industry has been criticized for having "the worst operational security (opsec) in the entire computer industry," said Pablo Sabbatella.
The extent of North Korea's infiltration into the crypto industry far exceeds public perception.
Pablo Sabbatella, founder of the Web3 auditing company Opsek and current member of the Security Alliance, revealed at the Devconnect conference in Buenos Aires that North Korean agents may have infiltrated up to 20% of crypto companies.
"The situation in North Korea is much worse than people imagine," Sabbatella stated in an interview with DL News. He shockingly pointed out that 30%-40% of job applications in the crypto industry may come from North Korean agents attempting to infiltrate relevant organizations.
If these estimates are true, the potential for damage would be incredible.
More importantly, North Korea's infiltration is not just about stealing funds through hacking techniques, although they have already stolen billions of dollars through sophisticated malware and social engineering tactics. The bigger issue is that these agents could be hired by legitimate companies, gaining system access and manipulating the infrastructure that supports major crypto companies.
According to a report from the U.S. Treasury Department last November, North Korean hackers have stolen over $3 billion in cryptocurrency in the past three years. These funds have subsequently been used to support Pyongyang's nuclear weapons program.
How do North Korean agents infiltrate the crypto industry?
North Korean workers typically do not apply for positions directly, as international sanctions prevent them from participating in the recruitment process under their real identities.
Instead, they look for unsuspecting global remote workers to act as "agents." Some of these agents have even transitioned into recruiters, helping North Korean agents hire more overseas collaborators using stolen identities.
According to a recent report from the Security Alliance, these recruiters reach out to individuals around the world through freelance platforms like Upwork and Freelancer, primarily targeting Ukraine, the Philippines, and other developing countries.
Their "deal" is quite simple: provide verified account credentials or allow North Korean agents to remotely use your identity. In return, the collaborators can earn 20% of the income, while the North Korean agents keep 80%.
Sabbatella noted that many North Korean hackers target the United States.
"Their approach is to find Americans to be their 'front end,'" Sabbatella explained, "They pretend to be from China, don’t speak English, and need someone to help them with interviews."
Then, they infect the "front end" person's computer with malware to obtain a U.S. IP address and access more internet resources than they could in North Korea.
Once hired, these hackers are usually not dismissed, as their performance satisfies the company.
"They are efficient, work long hours, and never complain," Sabbatella said in an interview with DL News.
Sabbatella provided a simple test: "Ask them if they think Kim Jong-un is a weirdo or if there’s anything wrong with him." He said, "They are not allowed to say anything bad."
Vulnerabilities in Operational Security
However, North Korea's success relies not only on sophisticated social engineering.
Crypto companies—and users—make it easier.
"The crypto industry may have the worst operational security (opsec) in the entire computer industry," Sabbatella said. He criticized that founders in the crypto industry are "fully doxxed, perform poorly in protecting private keys, and are easily victimized by social engineering."
Operational Security (OPSEC) is a systematic process used to identify and protect critical information from adversarial threats.
The lack of operational security leads to a high-risk environment. "Everyone's computer will almost certainly be infected with malware at least once in their lifetime," Sabbatella stated.
Update Note
Update: This article has been updated to clarify Sabbatella's statement, indicating that North Korea does not control 30%-40% of crypto applications; the aforementioned ratio actually refers to the proportion of North Korean agents among job applications in the crypto industry.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
