Suspected North Korean operatives are allegedly using fake job applications to infiltrate web3 projects, siphoning off millions and raising security concerns.
In recent years, blockchain and web3 have been at the forefront of technological innovation. However, with great innovation comes significant risk.
Recent revelations uncover a sophisticated scheme by operatives suspected to be affiliated with the Democratic People’s Republic of Korea (DPRK) to infiltrate the sector through fake job applications, raising alarms about the security and integrity of the industry.
Economic motives and cyber strategies
North Korea’s economy has been severely crippled by international sanctions, limiting its access to crucial resources and hindering its ability to engage in global financial transactions.
To circumvent these sanctions, the regime has employed methods such as illicit shipping practices and front companies. However, one of its most unconventional methods is its reported use of a cybercrime warfare program.
TRM Labs reported that North Korea was responsible for stealing around $3 billion worth of cryptocurrency since 2017, with losses in 2023 alone totaling at least $600 million.
The modus operandi: fake job applications
Media reports and government agencies highlight how DPRK operatives have perfected the art of deception to secure remote jobs in crypto and blockchain companies worldwide.
An Axios story from May 2024 details how North Korean IT specialists use forged documents and fake identities to infiltrate sensitive roles in the blockchain sector.
300 companies affected by fake remote job application scam
The U.S. Justice Department revealed that over 300 U.S. companies were duped into hiring North Koreans through a massive remote work scam.
These operatives used stolen American identities to pose as domestic technology professionals, generating millions of dollars in revenue for North Korea.
An Arizona woman, Christina Marie Chapman, allegedly facilitated the scheme by creating a network of “laptop farms” in the U.S. that helped the operatives appear as though they were working domestically.
Notable incidents and investigations
Case 1: Light Fury’s $300K transfer
ZachXBT highlighted an incident involving a North Korean IT worker using the alias “Light Fury.” The operative allegedly transferred over $300,000 from his public Ethereum Name Service (ENS) address to Kim Sang Man, who is on the OFAC sanctions list.
Case 2: the Munchables hack
In March 2024, four developers, suspected to be the same North Korean individual, were hired to create smart contracts for the GameFi project Munchables. They coordinated an attack that resulted in a $62.5 million loss.
The operatives exploited their control over an upgradeable proxy contract to manipulate a balance of 1 million Ethereum, eventually transferring $62.5 million into their wallets.
Case 3: Holy Pengy’s hostile governance attacks
Governance attacks have been another tactic. One alleged perpetrator, Holy Pengy, also known as Alex Chon, was linked to hostile governance attacks against Indexed Finance and Relevant.
Case 4: Suspicious activity in Starlay Finance
In February 2024, Starlay Finance experienced a breach, leading to unauthorized withdrawals from its liquidity pool on the Acala Network, raising suspicions about possible North Korean involvement.
Analyst @McBiblets raised concerns about two developers, David and Kevin, linking their activities to other GitHub accounts and suggesting possible North Korean ties.
Implications for the blockchain and web3 sector
The proliferation of suspected DPRK agents in key jobs poses risks to the blockchain and web3 sector, not just financially but also in terms of data breaches and intellectual property theft.
These infiltrators could implant malicious code, compromising entire networks. Crypto companies must now rebuild trust in their hiring processes, and they risk losing millions to fraudulent activities.
The funds funneled through these operations often support North Korea’s nuclear ambitions, complicating the geopolitical landscape.
The community must prioritize stringent vetting processes and better security measures to safeguard against these deceptive job-hunting tactics.
Enhanced vigilance and collaboration across the sector are crucial to thwart malicious activities and protect the integrity of the blockchain and crypto ecosystem.