Security Expert Warns: North Korean Workers May Be Inside Many Crypto Companies
A cybersecurity expert has raised a serious warning: up to one-fifth of all crypto companies might unknowingly have North Korean workers inside their teams.
Pablo Sabbatella, founder of the web3 security firm Opsek and a member of the Security Alliance, shared this concern during Devconnect in Buenos Aires. He said the problem is much bigger than most people think—and far from isolated.
According to Sabbatella, when crypto companies review job applications, around 30% to 40% of the applicants are actually attempts by North Korea to infiltrate firms. These applicants often look legitimate, but their real goal is access—not employment.
How North Korea Gets Into Companies
Because sanctions prevent North Koreans from applying with their real identities, they use a different strategy. They hire people in other countries—such as Ukraine or the Philippines—to act as the “face” of the job application.
Here’s how it works:
- A real person applies for the job using their identity and documents.
- They pass interviews with help from North Korean agents.
- The worker lets the agent remotely use their computer.
- The North Korean agent takes most of the income—usually around 80% of the salary.
Many U.S. companies are specifically targeted. The North Korean agents often pretend to be Chinese applicants who struggle with English and need help during interviews.
During this process, the local “front worker’s” computer is infected with malware, giving the agent access to U.S. IP addresses and the wider internet—something they can’t get inside North Korea.
Once hired, these workers usually stay for a long time. They work hard, produce good results, and never complain. That behavior makes companies trust them more, giving them access to sensitive systems.
A Weak Security Culture Makes Things Worse
North Korea has already stolen over $3 billion in cryptocurrency in the last three years, according to U.S. Treasury data. These stolen funds directly support the country’s nuclear weapons program.
Sabbatella said the crypto industry’s weak security practices make these attacks easier. Many founders expose too much personal information, handle private keys carelessly, and fall victim to manipulation. Compared to other tech industries, he said, the crypto space has far weaker operational security.
