The U.S. government is increasingly alarmed about the thousands of North Korean tech workers that are being dispatched to American IT companies, including crypto firms, to earn revenue for North Korea and its weapons programs, violating U.S. and UN sanctions.
In a new advisory, the government outlined methods to detect undercover North Korean workers, who gain access to crypto-related software and apps and provide a backdoor for malicious cyber attacks by North Korean actors. These workers often conceal their North Korean identities, and in some cases, pretend to be American remote gig workers by using virtual private networks and servers or relying on IP addresses and identity documents from a third country.
"Hiring or supporting the activities of [North Korean] IT workers poses many risks, ranging from theft of intellectual property, data, and funds to reputational harm and legal consequences, including sanctions under both U.S. and U.N. authorities," the government said.
This follows up on an earlier governmental warning in April about the North Korean presence in the blockchain and crypto industry: "The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs)," the government advisory said.
According to the U.S. government, North Korean tech workers are abusing freelance work sites and payment platforms to get contracts with U.S. crypto and blockchain companies and surreptitiously entering the industry. To minimize the risks of a crypto firm accidentally hiring a North Korean, the U.S. government advises companies to avoid paying salaries in crypto, require biometric login verification, and conduct video interviews to verify the identity of an applicant.
The American government also said it was a red flag if an employee consistently requests their payments in crypto or routes their payments through Chinese bank accounts.
Recently, in a high-profile case, the North Korean cybercrime outfit Lazarus Group was behind the $625 million cryptocurrency heist of the Axie Infinity-linked Ronin bridge.
The group has stolen over $200 million a year in crypto since 2018, and uses illicit crypto heists to help fund North Korea's secretive programs for weapons of mass destruction and ballistic missiles, according to the U.N. Security Council.
According to Chainalysis, Ether accounts for almost 60% of all stolen crypto by North Korean cybercrime groups, while less than a fourth of the Hermit Kingdom's stolen crypto is in Bitcoin.
