Why Your Model Employee Might Be a North Korean Agent

24 November 2025 - 13:00 CET

Twenty per cent of global crypto companies likely have agents based in North Korea on their payroll, a leading cybersecurity expert warned at the DevConnect conference in Buenos Aires.

Pablo Sabbatella, founder of the Web3 security firm Opsek, noted in a discussion that the scope and scale of the issue are severe and not fully recognized across the industry. The problem, in his view, extends beyond isolated incidents and has evolved into a coordinated, multi-year campaign designed to steal cryptocurrencies while evading sanctions.

North Korea is one of the most heavily sanctioned countries in the world, and its economy remains almost entirely cut off from global trade, capital markets and international investment. To fund its massive military budget, the ruling regime has turned to cryptocurrency theft to bolster its cash-strapped state coffers.

Infiltration through job applications

An estimated 30% of all applications to crypto engineering, development and security roles are North Korean attempts to enter companies, Sabbatella told attendees.

Recruiters operating for the regime turn to freelancers in countries such as Ukraine and the Philippines. These individuals act as "front workers" who grant North Korean spies access to their identities and personal computers in exchange for a small fee. Once an arrangement is set up, the front worker’s computer is infected with malware, giving the agents wider internet access and capabilities than those available in North Korea. Freelancing platforms such as Upwork and Freelancer have become significant sources of these schemes.

Model employees

Once inside the company, the North Koreans are high achievers who handle large volumes of work with no complaints. Their strong performance lowers suspicion and means they are less likely to be fired, even as the agents obtain access to sensitive data and infrastructure.

The threat continues because of weak industry practices, Sabbatella argued. Crypto firms tend to have poorer operational security than traditional technology or financial businesses, in his view. Founders and crypto entrepreneurs are more likely to share sensitive information, mismanage private keys and fall victim to social engineering scams.

No end in sight

The US Treasury Department estimates that North Korean spies have stolen more than $3bn worth of digital assets over the past three years. Security experts believe most of it is used to fund the North Korean military’s nuclear programme, which as of 2024 stands at around 50 warheads according to the Federation of American Scientists (FAS).

Generative AI also poses a significant risk, as new tools and text-to-speech services give North Korea’s crypto-spy army even greater capabilities.

However, a low-tech trick might give crypto employers a chance to catch them. The ruling regime of North Korea tolerates zero dissent or criticism. Simply asking a suspected spy what they think of the country’s leadership could save the day, as North Korean agents are terrified of speaking poorly of their real boss.