Ex‑SEAL Warns: North Korean Crypto Infiltration Far Deeper Than Believed - Crypto Economy

TL;DR

• Up to 20% of cryptocurrency companies could have North Korean operatives working internally.
• Between 30% and 40% of job applications in the crypto sector originate from North Korean actors.
• The lack of operational security (OpSec) in crypto companies facilitates infiltration and the theft of billions.

Pablo Sabbatella, founder of the Web3 audit firm Opsek and a member of the Security Alliance, made an alarming statement, referring to the extent of North Korea’s operations in the cryptocurrency ecosystem as “much worse than everyone thinks.”

He made the claim in an interview with DL News, where he also revealed that North Korean infiltrators are reportedly embedded in up to 20% of all crypto companies globally.

The threat is not limited to external hacks, the expert assured, stating that these have already stolen over $3 billion in the last three years to fund Pyongyang’s nuclear weapons programs, according to the US Treasury. What is most concerning is the internal access: these operatives are hired by legitimate companies, gaining access to critical systems and operating infrastructures that support major platforms.

The rate of penetration attempts is even more alarming. The expert estimates that between 30% and 40% of job applications received by cryptocurrency companies come from North Korean actors. The magnitude of this infiltration effort, if the figures are correct, poses a colossal systemic risk to the sector.}


How North Korea Achieves Infiltration into Crypto Companies

North Korean workers do not apply directly for jobs due to international sanctions. Instead, they are experts at developing “fronting” methods to evade detection and thus infiltrate crypto companies.

They typically use freelance platforms like Upwork to contact unsuspecting remote workers in developing countries, especially in Ukraine and the Philippines, to act as intermediaries.

The offer is simple: the collaborator hands over their verified credentials or allows the North Korean operative to use their identity remotely, in exchange for 20% of the earnings, while the operative keeps 80%.

To circumvent geographical restrictions and obtain a US IP address, North Korean hackers infect their “front person’s” computer with malware to gain remote access. Once hired, they are often valued by companies. Sabbatella commented that “they work well, they work a lot, and they never complain.” A security measure he suggested to detect these infiltrators is to ask them for their opinion on Kim Jong Un, as “they are not allowed to say anything bad” about their leader.

Sabbatella concluded by attributing the success of North Korean criminal activities to the industry’s weakness. “The crypto industry probably has the worst operational security in the entire computer industry,” he stated, pointing out that founders are fully doxxed, mishandle their private keys, and are easy victims of social engineering. This lack of OpSec is the true Achilles’ heel that enables the alarming North Korean infiltration into crypto companies.