Blockchain firms may face hacks, ransomware, and data breaches

Google experts spoke about threats to crypto companies from DPRK developers

02.04.2025 - 09:50

What’s new? North Korean developers are increasingly taking jobs at foreign blockchain companies, exposing them to risks of hacking, extortion, and data breaches. According to Google Threat Intelligence Group advisor Jamie Collier, the primary target for DPRK IT workers remains the United States. However, increased regulatory awareness and work authorization issues have forced them to seek employment with companies outside the United States.

Google report

What else is known? Employees from the DPRK are infiltrating traditional web development projects and advanced blockchain applications, including smart contract development projects based on Solana and Anchor.

Developers from North Korea have also been identified in an unnamed blockchain job marketplace project and a web application based on blockchain and AI technologies.

“These individuals pose as legitimate remote workers to infiltrate companies and generate revenue for the regime. This places organizations that hire DPRK IT workers at risk of espionage, data theft, and disruption,” Collier said.

A noticeable increase in scrutiny of companies in European countries has been revealed. Developers are creating fake identities and resumes that mention degrees from local universities.

The researchers also identified login credentials for the accounts of users of European job websites, instructions for navigating such websites, and traffickers of fake passports cooperating with DPRK developers.

Since late October last year, North Korean collaborators have become more active in extortion and targeting larger organizations. The reason is probably that they need to maintain the same income level in the face of US pressure.

“In these incidents, recently fired IT workers threatened to release their former employers’ sensitive data or to provide it to a competitor. This data included proprietary data and source code for internal projects,” Collier said.

In January, the US Justice Department indicted two North Korean nationals for their involvement in a fraudulent IT labor scheme that affected at least 64 US companies between April 2018 and August 2024.

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on companies that are fronts for North Korea and generate revenue through remote IT work arrangement schemes.

Crypto developers have also reported an increase in North Korean hacker activity, with at least three entrepreneurs reporting in March that they had prevented attempts to steal sensitive data through fake Zoom calls.

Last August, blockchain analyst ZachXBT, known for investigations into hacking and fraud in the crypto space, uncovered a sophisticated network of North Korean developers earning $500,000 per month in prominent crypto projects.
