North Korean Developers Infiltrate Crypto Projects, Raising Sanction Concerns

In Brief:

North Korean developers have been employed by over a dozen crypto projects, inadvertently violating U.S. sanctions and raising security concerns.

These hires have led to hacks and vulnerabilities, with projects like Axie Infinity losing significant funds attributed to North Korean involvement.

‍

The DPRK's Deep Roots in Crypto

‍

North Korean developers and IT workers have managed to secure positions in numerous cryptocurrency projects, according to a report by CoinDesk's Sam Kessler. This revelation highlights a troubling issue for these projects, as employing individuals from the Democratic People's Republic of Korea (DPRK) directly violates U.S. sanctions and poses significant security risks.

‍

The narrative is not entirely new, with previous instances of North Korean employees working for U.S. companies. In July, cybersecurity firm KnowBe4 revealed it had inadvertently hired a DPRK software engineer. Additionally, an Arizona resident and four others were charged for assisting DPRK IT workers in obtaining roles at U.S. companies.

‍

Sanctions and Security Concerns

‍

Hiring developers from North Korea puts projects at risk of violating U.S. sanctions laws, regardless of whether the hiring was intentional. These employees are often required to send most of their earnings back to the regime, funding its activities. Moreover, vulnerabilities introduced by these workers can lead to significant financial losses for the companies involved.

‍

The U.S. government has shown leniency in prosecuting these cases, recognizing the sophisticated identity fraud involved. However, companies must remain vigilant, especially as the crypto industry gains more attention. Notable incidents, such as the $625 million hack of Axie Infinity linked to the North Korean Lazarus Group, underscore the potential risks.

‍

Moving forward, crypto projects need to implement stricter hiring practices and security measures to mitigate these threats and avoid inadvertent sanctions violations.

‍