The DPRK's Deep Roots in Crypto

North Korean developers have worked for a surprisingly large number of crypto projects.

North Korean developers have been hired by a surprisingly large number of crypto projects.

CoinDesk's Sam Kessler reported last week that developers and IT workers employed by the Democratic People's Republic of Korea – i.e. North Korea – have managed to get themselves hired by a number of crypto projects, giving them two different ways of raising funds for the national regime.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

The narrative

CoinDesk reporter Sam Kessler found that more than a dozen different crypto companies and projects – including some well-known ones – inadvertently hired developers and IT workers from the Democratic People's Republic of Korea (aka North Korea), something that's troubling on a number of levels for these projects.

Why it matters

Being that North Korea is under heavy sanctions, hiring developers from the country would put a project in violation of U.S. law. It also seems clear that some of these employees enabled the projects they worked for to be hacked.

Breaking it down

This isn't a new problem when it comes to North Korean employees working for U.S. companies. In July, cybersecurity firm KnowBe4 published a blog post explaining how it accidentally hired a DPRK software engineer. A few months before that, an Arizona resident and four others were charged by prosecutors with helping DPRK IT workers land roles at U.S. companies.

These employees send (or are forced to send) most of their paychecks to the regime, which in turn helps the DPRK continue its various activities. Projects that are compromised by vulnerabilities inserted by these employees also risk losing more funds to North Korea. It's not just a hypothetical concern; prosecutors have brought various charges alleging DPRK-affiliated IT workers were able to compromise companies.

Sanctions concerns first: Any company that hires an employee based in North Korea violates U.S. sanctions law. It doesn't necessarily matter if this hiring was inadvertent – the companies can be prosecuted regardless.

Kessler reported that, so far at least, the U.S. government "has been lenient about bringing charges – on some level acknowledging that they were victims of, at best, an unusually elaborate and sophisticated type of identity fraud."

It's still something companies will have to pay closer attention to as they move forward, especially with crypto gaining increasing attention in recent months.

Companies also need to be concerned with getting hacked by the DPRK, which again is not just a hypothetical concern. Axie Infinity is perhaps one of the most prominent examples of how easily hackers can steal funds from a crypto company after just a small mistake. Axie was hacked in March 2022, losing $625 million at the time. U.S. officials tied North Korean hacking group Lazarus to the theft a month later.

Several other projects were hacked after employing DPRK IT workers, Kessler reported, including Sushi Finance.

Sam's entire report is worth your attention – I'm re-linking it here – and it would behoove companies to consider how to mitigate these kinds of risks moving forward.

Stories you may have missed

This week

Wednesday

Elsewhere:

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at nik@coindesk.com or find me on Twitter @nikhileshde.

You can also join the group conversation on Telegram.

See ya’ll next week!

Edited by Harris Anzji Harris Anzji is a CoinDesk editor covering institutional crypto, Web3 and Layer 2. He previously worked at Blockworks and FX Street.

Nik De is managing editor for global policy and regulation at CoinDesk, where he covers the intersection of cryptocurrency and government, institutions and regulators. He also covers regulatory and legal developments in Web3 and digital assets broadly. Nik owns a small amount of bitcoin and ether.

Our standards:Disclosure

Please note that our privacy policy, terms of use, cookies and do not sell my personal information policies apply to CoinDesk.com, but not to third party sites. CoinDesk is fully owned by Digital Currency Group, which also owns and operates Genesis Trading, CoinDesk Indices, Luno, and Grayscale.

The above is the detailed content of The DPRK's Deep Roots in Crypto. For more information, please follow other related articles on the PHP Chinese website!