North Korean Hackers May Be Embedded in Up to 20% of Crypto Companies

A Silent Infiltration of the Crypto Industry

According to a warning issued by the Security Alliance, North Korean operatives may already be working inside 15–20% of crypto companies worldwide. The threat is not based on network intrusion but on human infiltration, where attackers embed themselves within organizations as legitimate employees.

Even more alarming, experts believe that 30–40% of job applications to crypto companies may come from malicious actors linked to North Korea.

How the Identity Scheme Works

Due to international sanctions, North Korean citizens cannot openly apply for jobs on platforms like LinkedIn or other global employment networks. To bypass these restrictions, they first recruit so-called “fronts” — individuals in other countries who agree to lend their identity.

In exchange, the front receives around 20% of the income, while the remaining 80% is transferred to North Korean operators. These arrangements allow the hackers to work remotely for crypto companies under a false identity, often undetected for long periods.

Once inside an organization, they may gain access to sensitive code, infrastructure, private keys, or internal security procedures.

A Growing Insider Threat

Unlike traditional cyberattacks that exploit code vulnerabilities, this method targets human trust. The attacker is not breaching from the outside but operating from within, with legitimate credentials and access rights.

This makes detection extremely difficult, especially in a remote-first industry where team members may never meet in person.

Security Alliance warns that this threat is especially dangerous for:

DeFi protocols
Infrastructure providers
Crypto exchanges
Custody services
Blockchain development teams

A single insider with privileged access could cause irreversible damage.

A Controversial but Practical Detection Tip

In a controversial example, Security Alliance suggested that if a company suspects an insider threat, a direct political question about Kim Jong-un may reveal hesitation or fear in the response.

Whether or not this method is ethical or effective, it highlights the extreme difficulty companies face when trying to verify a person’s true identity and background in a decentralized, global workforce.

Why Crypto Is a Prime Target

Cryptocurrency companies are especially vulnerable because they often:

Operate fully remote
Lack strict KYC for employees
Move large amounts of digital assets
Rely on anonymous or pseudonymous contributors
Use open-source collaboration tools

For state-sponsored actors seeking foreign revenue, access to crypto ecosystems provides both money and leverage.

What Companies Can Do Now

In response to the rising threat, Security Alliance recommends:

Enhanced background verification
Multi-step identity checks
Behavioral monitoring of privileged accounts
Stricter access controls
Regular internal security audits

Crypto firms are also urged to reduce blind trust and increase layered defenses, both technical and organizational.

A Wake-Up Call for the Industry

The warning from Security Alliance signals a new phase in cyber risk: the age of insider infiltration. In an industry built on trust, decentralization, and freedom, the very openness of crypto may now be its greatest vulnerability.

As geopolitical tensions rise and digital borders blur, protecting against human infiltration may become just as important as defending smart contracts.