Anonymous coder working for the crypto industry may be a North Korean hacker

avatar
吴说
4 days ago
This article is approximately 1211 words,and reading the entire article takes about 2 minutes
This is a silent war

Original article by Liam Kelly, DL News

Original translation: GaryMa Wu talks about blockchain

summary

  • Fake job applicants are testing cryptocurrencys acceptance of anonymity.

  • The United Nations says 4,000 North Koreans have tried to infiltrate the tech sector by getting jobs.

  • This is a silent war, said one expert.

Hiring in the cryptocurrency industry has never been easy.

It’s hard to find skilled developers, and it’s not easy to manage remote workers in multiple time zones at the same time.

Cryptocurrency recruiting has become even tougher these days.

A DL News investigation has found that fake applicants are flooding job sites with forged resumes.

Additionally, there is growing evidence that many of these fake applicants appear to be North Korean nationals attempting to infiltrate cryptocurrency projects for nefarious purposes, including collecting sensitive data, hacking, and stealing assets.

“It’s an operational risk to the industry, it’s an ongoing phenomenon, just like hacks are to the tech industry,” Shaun Potts, founder of cryptocurrency-specific recruiting firm Plexus, told DL News. “You can’t stop it, but you can minimize the risk.”

Anonymous identity

According to the United Nations Security Council, more than 4,000 North Koreans have been instructed to hide their identities in an attempt to work in Western tech industries, including cryptocurrency.

In a recent 615-page report, the Security Council said North Korean hackers had stolen $3 billion worth of cryptocurrency assets over the past seven years in 58 suspected cases of cyber theft.

While it’s unclear how many of these thefts were accomplished through fake employees, experts worry the trend is just beginning.

“They illegally sell resources, IT jobs, hard labour and hacking skills.”

—Taylor Monahan, MetaMask

Because its big business. Fake recruitment schemes alone could earn North Korea up to $600 million a year, the United Nations says.

“They have very limited resources to sell to China, so they generate income through illegal sales of resources, IT work, hard labor, and hacking techniques,” Taylor Monahan, lead security researcher at MetaMask, told DL News.

New challenges

The development is a new challenge for an industry that is moving toward the mainstream. Wall Street has embraced cryptocurrencies as an asset class with the launch of a Bitcoin ETF. DeFi stalwarts like Solana and Aave are seeing growing revenues and expanding their businesses.

The last thing the cryptocurrency industry needs is a flood of fake applicants as the industry scales and demand for new employees surges.

The top 10 cryptocurrency exchanges, including Coinbase and Binance, posted more than 1,200 new positions in May alone. Layoffs are also slowing.

According to data from Layoffs.fyi, the number of job losses in the cryptocurrency industry decreased significantly in the first quarter of this year compared to the same period last year.

“They just added some new job titles to LinkedIn searches to stand out.”

——Karolis Kundrotas, Durlston Partners

“Everyone I know is either working on another project or doesn’t have the time,” Zak Cole, co-founder of cryptocurrency venture studio Number Group, told DL News. “How do we bring in new talent?”

The answer is - expand the search scope.

AI Search

Rather than turning to formal recruiting agencies, Cole and his co-founders screened applicants using an artificial intelligence tool called Applicant AI, which uses AI to flag keywords in resumes that matched their criteria.

The results were mixed. During a video interview with Number Group, a candidate who claimed to be a native Dutch speaker hung up when asked to communicate in that language.

Another candidate’s GitHub profile — the LinkedIn of programmers — was created just a month ago, yet they applied for a senior developer position.

On another resume, a candidate applying for a remote job listed a state prison in Texas as his home address.

When asked if they actually lived in prison, the candidate responded, “Yes.”

Cole’s biggest concern is making sure the applicants are who they say they are.

As he screened applicants and scheduled interviews, he said, he noticed a pattern: Many refused to turn on their cameras.

Video Calling

Often, what they say in the interview contradicts what is written on their resume. In other words, they are lying.

“They all had the same script,” said Cole, who said that if they were on camera, the background was blurred and they were calling from a room with other people.

Karolis Kundrotas, a cryptocurrency industry consultant at Durlston Partners, said many job applicants are copying real LinkedIn profiles.

“The experience is exactly the same, the education is the same as the real person,” he said. “They just added some new job titles to make it appear different in LinkedIn searches.”

Video calls are also important, Kundrotas said, because you can see if the other person quickly reads the additional information before responding.

In a video call shared with DL News, one candidate did just that.

The candidate expressed in-depth knowledge of non-fungible tokens (NFTs) and crypto games, but had never heard of Axie Infinity, one of the largest and best-known games in the industry.

This is obviously a huge danger signal.

Reject background check

Besides wasting a ton of time, these fake applicants undermine a major pillar of the cryptocurrency’s core philosophy.

Anonymity and pseudonymity are important values in cryptocurrencies. Project teams tend to refuse background checks and work at the speed of startups, which makes them prime targets for illegal recruitment schemes.

For this reason, Potts said 95% of his clients have stopped hiring pseudonymous developers.

“People underestimate how low barriers to entry are in crypto,” MetaMask’s Monahan said. “It’s not uncommon for random projects to actually hire people to do some work and then quickly promote them.”

This may be exactly what North Korean potential recruits are counting on.

Monthly salary of $60,000

Some secretive North Korean cryptocurrency employees earn up to $60,000 per month and hold multiple full-time and freelance jobs.

High earners can keep 30 percent of their income, with the rest going to Pyongyang authorities, the UN report said.

Given the extreme poverty in North Korea, these amounts are huge for individuals.

That’s why startups must remain vigilant.

“As long as this works, they will continue to post jobs on job forums, create resumes, and attack cryptocurrency companies and projects,” Monahan said.

Their work also has a geopolitical angle.

Erin Plante, vice president of investigations at Chainalysis, said there is evidence that North Korea partially funds its nuclear weapons program by hacking cryptocurrency sites. According to blockchain analysis firm Elliptic, North Koreas hacker group Lazarus Group attacked the Ronin Bridge in 2022 and stole $540 million.

In 2019, the U.S. Treasury Department’s Office of Foreign Assets Control sanctioned Lazarus.

If North Korea is using fake job applicants as part of this scheme, that would be a major problem, said Adam Zarzinski, CEO of blockchain analysis firm Inca Digital.

“It’s a silent war,” Zarzinski, a former U.S. Air Force judge, told DL News.

Original link

Original article, author:吴说。Reprint/Content Collaboration/For Reporting, Please Contact report@odaily.email;Illegal reprinting must be punished by law.

ODAILY reminds readers to establish correct monetary and investment concepts, rationally view blockchain, and effectively improve risk awareness; We can actively report and report any illegal or criminal clues discovered to relevant departments.

Recommended Reading
Editor’s Picks