North Korean Operatives Are Posing as A+ Software Developers to Hack Your Crypto

North Korea Hacker

North Korean Operatives Are Posing as A+ Software Developers to Hack Your Crypto

Date: 20 Jul 2022

North Korean hackers are posing as top-notch candidates. This is so they are employed in Web3 companies where they can steal all of the digital assets of the companies that hire them, says Neil Dundon of Cryptorecruit.

Our experience at Cryptorecruit has taken a seriously weird turn when it comes to North Korean hackers. We are at the coalface of this issue, and we are dealing with it every day.

North Korean hackers make themselves known

We first noticed it back in early 2020, although it may have been going on longer. It was around the time when the Crypto markets went into full bull mode. Hiring in the space was taking off at unprecedented levels.

Whenever we hired a new consultant here at Cryptorecruit, the new consultant would often tell the rest of us about a super strong candidate they had. I would immediately recognize it as a fake profile – much to the new consultant’s dismay.

It takes a bit of time to figure out these profiles. But then it clicks – like clockwork. On every single fake profile, there are some tell-tale signs that things aren’t as they seem.

We have thoroughly tested these profiles. The language they use is almost exactly the same – as though they are reading from a script. It’s like they are operating out of a call centre – which is, of course, most likely based in North Korea.

Samples of fake profiles:

Tell Tale Signs

The profile picture is the ultimate giveaway. Recruiters just have to look at the headshot – they often claim to be Japanese. But, you quickly realize they are not. What is most telling is the vacuous look in their eyes. It is as though they are robots, or at least generated by some AI tool and thus have no soul.

Usually there is not a phone number to been seen, but if there is a phone number, it’s a U.S. number. They will jump on a call with you but it’s usually on Skype. When you do connect, you have to insist they turn on their camera. When you get them in view –they actually look like robots. It’s the strangest thing!

North Korean Hackers and the jobs they want

The jobs these operatives apply for usually take the title of Solidity developer, blockchain developer, or anything Web3-related.

The LinkedIn profiles use a very familiar and identifiable template. Such templates are full of the most beautiful keywords that a recruiter or employer could hope to see.

If you post a job ad, you can be sure that these profiles will auto-reply to it. The truth is that any Solidity developer worth their salt is not applying for jobs. They are getting targeted and have multiple opportunities at any one time. So, there’s no need to apply. This is probably the biggest red flag. If their profile looks great, with years of Solidity experience, then be careful. Of course, there are exceptions to the rule.

What are their motivations?

Their motivation is to get paid in crypto and to hack defi protocols. It can take months to figure out that a developer isn’t any good. By this stage, they’ve probably been paid $30k+ and had access to many of your internal systems. They have possibly built relationships and coerced other employees.

Multiply this by the hundreds if not thousands of fake profiles and Kim Jong Un is bringing in some pretty decent revenue to fund his nuke program.

I personally believe that it is employers hiring these candidates directly that has led to some of the major hacks across the crypto space. In fact, it has been determined that the $600m Axie infinity hack was from North Korean hackers.

How can you protect yourself? Look out for the red flags mentioned here. Be suspicious as ultimately a candidate needs to prove to you who they are, and what they can do.

You are paying their salary after all. If you’re still not sure hit me up with their Linkedin profile, and I’ll let you know.

About the author

Neil Dundon is the founder of Cryptorecruit and has over 15 years of experience specializing in recruitment. Cryptorecruit has been in the crypto space since early 2016. Dundon understands what drives sentiment within space, whether that be developers’ motivations for shifting course within blockchain companies, or your average Wall Street executive looking to enter the space.

Back to News

You might be interested in...