North Korean IT Workers Linked to Crypto Hacks

On-chain sleuth ZachXBT claims that North Korean IT workers are responsible for at least 25 incidents of hacking and ransomware exploitations related to companies in the crypto industry.

Summary

• ZachXBT claims that at least 25 attacks and exploitation incidents in the crypto sphere have been linked to North Korean IT workers.
• Many U.S. crypto firms have been warned against hiring North Korean IT workers who may be trying to gain insider access.

In a post responding to Amjad Masad, CEO of AI coding platform Replit, blockchain investigator ZachXBT highlighted how North Korean IT workers have been responsible for a large number of crypto-related hacks and extortion schemes involving crypto firms.

On Sept. 25, Masad shared a video on X showing how North Korean remote workers, primarily in the IT field, used AI filters and interview cheat tools to secure jobs in major U.S. crypto firms.

> “Just learning that North Korea flooded the US market with remote IT workers for profit, not to infiltrate or spy! They use AI filters and interview cheating tools to get jobs,” said Masad.

ZachXBT countered Masad’s perspective, arguing that these efforts are not benign. He stated that many North Korean IT workers utilizing AI to cheat interviews could have malicious intentions.

> “At minimum, there’s 25+ instances of DPRK ITWs hacking or extorting teams for funds,” ZachXBT emphasized, sharing past research that indicates numerous crypto projects were compromised by North Korean hacking groups infiltrating from within.

He added, “Granted all of those companies were related to crypto.”

ZachXBT Claims North Korean IT Workers Mostly Use USDC

This isn’t the first alert from ZachXBT regarding North Korean IT workers. In July, he noted that North Korean hackers have used USDC to funnel millions in illicit payments. The allegations emerged as Circle filed for a national trust bank charter, which would empower it to manage USD Coin reserves.

ZachXBT criticized Circle for not addressing the issue despite the transparency of transactions. As hacks related to North Korean actors continue, prominent figures in the crypto space are urging the community to be cautious about hiring remote North Korean workers.

Former Binance head Changpeng “CZ” Zhao recently warned of North Korean hackers disguising as job applicants to infiltrate top crypto firms. He highlighted tactics such as:
– Fake job applications to gain insider access.
– Masquerading as recruiters to approach existing employees, often claiming technical issues during early interviews, then asking victims to download malicious software through shared links.

This alarming trend underscores the need for vigilance in hiring practices within the crypto industry.