You’re perusing State of Crypto, our CoinDesk newsletter focusing on the crossroads between cryptocurrencies and governance.
Click here for future issues to subscribe.

DPRK IT workers

The narrative

As an analyst, I uncovered evidence indicating that over a dozen cryptocurrency firms and initiatives, some of which are widely recognized, inadvertently recruited developers and IT personnel from the Democratic People’s Republic of Korea (also known as North Korea). This discovery raises concerns on multiple fronts for these projects.

Why it matters

Working with developers from North Korea could potentially place a project in conflict with U.S. laws due to heavy sanctions imposed on the country. Moreover, it appears that some of these workers may have facilitated cyber attacks against the projects they were involved with.

Breaking it down

It’s not a novel issue that North Korean workers are employed by American businesses. Recently, in July, cybersecurity company KnowBe4 disclosed in a blog post how they unintentionally hired a software engineer from the Democratic People’s Republic of Korea (DPRK). Prior to this, an Arizona resident and five others were indicted by prosecutors for assisting DPRK IT workers in securing jobs at American companies.

Many of these workers remit a significant portion of their earnings to the government, thereby indirectly funding the DPRK and its diverse operations. The projects they work on, potentially with embedded weaknesses due to their actions, may also face increased financial losses for the company, unintentionally benefiting North Korea. This is not just a theoretical issue; there have been actual charges filed against IT workers believed to be connected to the DPRK, implicating them in compromising various companies.

A crucial point about sanctions: Employing someone residing in North Korea is a clear breach of U.S. law regarding sanctions. This rule applies even when the hiring might have been unintentional. The companies could still face legal consequences.

According to Kessler’s report, the U.S. government has shown a degree of leniency when it comes to filing charges, suggesting that they understand these individuals may have been tricked by a highly complex and advanced form of identity fraud at worst, or an unusually sophisticated one at best.

As I delve deeper into my research, it becomes increasingly clear that companies must keep a keen eye on emerging trends, particularly the surging interest in cryptocurrencies over the past few months.

Companies should be mindful of potential cyberattacks from the Democratic People’s Republic of Korea (DPRK), as this is not merely a theoretical concern. Axie Infinity serves as a striking illustration of how even a minor oversight can lead to the theft of substantial funds from a cryptocurrency business. The platform was breached in March 2022, resulting in a loss of $625 million at that time. U.S. authorities linked the North Korean hacking group Lazarus to the heist a month later.

According to Kessler’s report, it was discovered that other projects were compromised following the employment of IT workers from North Korea, with Sushi Finance being one of them.

Sam’s entire report is worth your attention – I’m re-linking it here – and it would behoove companies to consider how to mitigate these kinds of risks moving forward.

Stories you may have missed

This week

Wednesday

Elsewhere:

As a researcher, I’m eager to hear your insights and queries for the upcoming discussion. If you have any suggestions or feedback, please don’t hesitate to reach out via email at nik@coindesk.com or connect with me on Twitter @nikhileshde. I look forward to engaging with you!

You can also join the group conversation on Telegram.

See ya’ll next week!