- North Korean agents are embedded in 15-20% of all crypto companies.
- According to one SEAL member, they could represent 30-40% of all crypto job applications.
- The crypto industry has “the worst opsec in the entire IT industry,” Pablo Sabbatella said.
North Korea’s crypto infiltration is much worse than anyone thinks.
Pablo Sabbatella, founder of auditing firm web3 opsek and current member of the Security Alliance, dropped a bombshell at Devconnect in Buenos Aires: North Korean infiltrators are embedded in up to 20% of all crypto companies.
“North Korea is much worse than everyone thinks,” Sabbatella said in an interview with DL News. What’s even more alarming is that Sabbatella estimates that between 30% and 40% of the applications crypto companies receive are from North Korean agents attempting to infiltrate these organizations.
If these estimates are accurate, the scale of the potential damage is staggering.
Moreover, the extent of North Korean penetration is not limited to the theft of funds by hackers, although they have gotten away with billions. Rather, it is about workers getting hired at legitimate companies and gaining access to the systems and operating infrastructure that underpin large crypto companies.
North Korean hackers have stolen more than $3 billion in cryptocurrency over the past three years using sophisticated malware and social engineering, the U.S. Treasury Department said in November.
The funds were then used to finance Pyongyang’s nuclear weapons programs.
How they are hired
For the most part, North Korean workers do not apply for jobs directly because international sanctions make that impossible.
Instead, they find unsuspecting remote workers from around the world to serve as fronts. Some of them now act as recruiters who bring in collaborators from outside North Korea to work under assumed identities.
According to a recent Security Alliance report, these recruiters are using freelance platforms like Upwork and Freelancer to reach individuals around the world, including in Ukraine, the Philippines and other developing countries.
The pitch is simple. Hand over your verified account credentials or let the North Korean actor use your identity remotely. In exchange, the employee receives 20% of the earnings. The North Korean agent keeps 80%.
Many North Korean hackers target the United States, Sabbatella said.
“What they do to get hired is find someone in the United States to be their ‘front end,’” Sabbatella said. “So they pretend to be someone from China who can’t speak English, but they need an interview.”
They then infect the front person’s computer with malware, giving them access to a U.S. IP address and far more of the Internet than they could reach from North Korea.
Once hired, companies keep them because they keep their promises.
“They work well, they work hard and they never complain,” Sabbatella told DL News.
So how can a company know if it employs a North Korean hacker?
“Ask them if they think Kim Jong Un is a creep or something bad,” Sabbatella said. “They have no right to say anything bad.”
Operational security
However, North Korea’s successful criminal efforts are not simply the result of clever social engineering.
Crypto companies – and users – are making it easier for them.
“The crypto industry probably has the worst opsec in the entire IT industry,” Sabbatella said. Crypto founders are “fully doxxed, do a terrible job of keeping their private keys secure, and are easily victims of social engineering.”
Operational security, or OPSEC, is a systematic process of identifying and protecting critical information from adversaries.
The lack of operational security creates an environment in which “every person’s computer will be infected with malware at some point in their life,” Sabbatella said.
Update: This story has been updated to reflect that, according to Sabbatella, North Korea is not behind 30 to 40 percent of crypto applications; those numbers refer to job applications.
Pedro Solimano is DL News’ Markets correspondent based in Buenos Aires. Have a tip? Email him at psolimano@dlnews.com.


