In the cryptoverse, where magical protocols come alive and fearless startups navigate the treacherous waterways of a digital frontier, another menace has arrived. It’s a threat not just of code exploits, but of purposeful undermining. Even as the Web3 dream foretells of universes uncoupled, it’s important to know who wants to play god over these tokenized terrains. This article examines how North Korea inserts agents into crypto startups. It uncovers an elaborate scheme that marries technical prowess with audacious, wholesale fraud.

Overview of the North Korean Hackers' Charges

The U.S. Department of Justice (DOJ) recently charged four North Korean citizens with conspiring to commit wire fraud, wire fraud, and laundering the proceeds of a sophisticated cryptocurrency theft operation. The four, Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il, are accused of participating in a conspiracy that defrauded blockchain companies out of almost $1 million in cryptocurrency. They were charged on June 30, 2025, in a criminal indictment filed by federal authorities in the Northern District of Georgia. Notably, these charges include counts of wire fraud and money laundering, underscoring the seriousness and complexity of the case. We hope that this legal action will illuminate the increasingly urgent nexus between cybersecurity, national security, and financial crime. Most importantly, it uncovers how state-sponsored actors exploit the decentralized nature of cryptocurrency to support their malicious operations.

Details of the $1 Million Crypto Theft

The scheme reportedly operated from as early as 2019 through 2022. Throughout this period, the defendants dealt with blockchain companies in the U.S. and Serbia. By posing as remote IT developers under bogus and stolen identities, they gained employment at these companies. Once inside, they were able to reach sensitive systems and the companies’ crypto wallets, which put them in an ideal position to execute the scheme. The thieves took advantage of weaknesses in the smart contracts. In some cases, they manipulated internal systems, leading to the collapse of certain exchanges and the loss of billions in cryptocurrency. These stolen funds were later laundered using multiple methods to hide their true origin and destination.

Background on the Involved Hackers

Four North Korean nationals have been previously indicted in this matter. Federal authorities allege the three are part of a broader conspiracy of IT operatives stationed around the world in service to the Democratic People’s Republic of Korea (DPRK). These operatives are said to be trained specifically to bring in revenue for the state, which they do by bypassing international sanctions and carrying out cybercrime. Their tactics range from posing as established companies to developing fraudulent resumes and using proxy servers to hide their physical location. They integrate into law-abiding firms to get access to ideas, skills, technology, and capital. With the ability to manipulate other projects’ ecosystems, they are the most dangerous threat to the security and stability of the cryptocurrency ecosystem.

Exploitation of Blockchain Startups

The blockchain startup world is rife with entrepreneurial spirit, ambition, and ingenuity. At the same time, this makes startups prime targets for advanced cyber infiltration. Taken together, these companies represent enormous potential, but they don’t usually have the deep security capabilities of a longer-standing company, so they can be undercut and exploited. North Korean operatives actively targeted blockchain companies in the U.S. and Serbia. Exploiting poor security procedures and insider access, they were able to drain millions in cryptocurrency. Startups entering the crypto space need to understand, embrace, and prioritize cybersecurity. All across the country, they haven’t done enough to adopt the most stringent standards to safeguard their assets and systems.

North Korean Hackers Targeting for $900K

The malware allowed the North Korean hackers to steal almost $900,000 worth of cryptocurrency from the victim companies. It all started when Jong Pong Ju used his position to steal $175,000 worth of crypto in February 2022. A month later, Korean developer Kim Kwang Jin found vulnerabilities in the source code of smart contracts. He exploited these weaknesses and embezzled another $740,000. These thefts were clearly highly organized: a very professional, and probably sophisticated, operation. We suspect that various actors were involved in the infiltration and in carrying out the scheme. This example underscores the need to go beyond hardening outside perimeters and to focus on tracking what’s happening inside and limiting internal access.

Methods Used in the Exploitation

The North Korean operatives used an arsenal of nefarious and sophisticated tactics to execute their plan. These included:

  • Falsified Documents: Creating fake identities and using stolen credentials to secure employment.
  • Remote Access: Exploiting remote work arrangements to gain access to sensitive systems from various locations.
  • Insider Access: Leveraging their positions within the companies to access crypto wallets and manipulate smart contracts.
  • Money Laundering: Using mixers and fraudulent exchange accounts to obscure the origin and destination of the stolen funds.

As with many of their cyber activities, the North Korean operatives demonstrate remarkable sophistication and adaptability through this multi-channel approach. Consequently, employees at these organizations struggle to identify and mitigate these breaches.
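The "Remote Access" item above, together with the earlier mention of proxy servers hiding an operative's location, points to one check a defender can run over login records. The following Python code is an added example, not taken from the indictment or any product: it flags logins from a country other than the HR-declared one and consecutive logins that imply impossible travel. The account names, coordinates, log layout, and the 900 km/h threshold are all constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sample data (not from the indictment): HR-declared work country
# per account, and SSO/VPN logins as (user, time, country, lat, lon).
DECLARED = {"dev_a": "US", "dev_b": "RS"}
LOGINS = [
    ("dev_a", "2022-02-01T09:00:00", "US", 33.75, -84.39),
    ("dev_a", "2022-02-01T17:30:00", "US", 33.76, -84.40),
    ("dev_b", "2022-02-01T08:00:00", "RS", 44.79, 20.45),
    ("dev_b", "2022-02-01T09:10:00", "AE", 25.20, 55.27),
    ("dev_b", "2022-02-02T08:05:00", "RS", 44.80, 20.46),
]
MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 6371.0 * 2 * math.asin(math.sqrt(a))


def review_logins(logins, declared, max_kmh=MAX_KMH):
    """Return (user, timestamp, reason) findings, ordered by user then time."""
    findings, last = [], {}
    for user, ts, country, lat, lon in sorted(logins, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        # Source country differs from what the worker told HR.
        if declared.get(user) != country:
            findings.append((user, ts, "country_mismatch"))
        if user in last:
            prev_when, plat, plon = last[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = km_between(plat, plon, lat, lon)
            # Sessions further apart than a flight could cover suggest a
            # proxy or an account shared between people.
            if dist > 50 and (hours <= 0 or dist / hours > max_kmh):
                findings.append((user, ts, "impossible_travel"))
        last[user] = (when, lat, lon)
    return findings


if __name__ == "__main__":
    for finding in review_logins(LOGINS, DECLARED):
        print(finding)
```

Findings like these are leads for analyst review, since legitimate travel and corporate VPN exit points produce the same signals.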

Implications of DOJ Action

The DOJ’s recent crackdown against North Korean hackers has far-reaching implications for the cryptocurrency industry and securities enforcement at large. It is a sobering reminder of the growing threat of state-sponsored cybercriminals. We need to adopt stronger cybersecurity practices if we hope to fight this threat. The case points to the rising emphasis that law enforcement agencies are now placing on fighting crypto crime and bringing wrongdoers to justice. Thanks to the DOJ for continuing to bring these individuals to justice. Today’s action seeks to prevent future illegal conduct and protect the financial system’s integrity.

Urgent Cybersecurity Discussions

This case should be the catalyst for cryptocurrency leaders to have urgent conversations about security protection measures. Tech startups and established firms alike need to re-evaluate their security protocols and address potential vulnerabilities. These measures include instituting strong identity verification procedures, improving access controls, and conducting routine audits of smart contract code. Creating a culture of security awareness across all employees is important. Arm them with the training and tools necessary to recognize and react to possible dangers! DreamingCrypto would therefore urge all startups to heed the signs, read the runes, and fortify their lands against such invasions.

Impact on Future Cybersecurity Measures

The DOJ case will heavily shape the crypto industry's future cybersecurity practices. It could spark new regulations and standards, whose priority should be to protect against money laundering and other nefarious behavior. New reporting requirements could force companies to use more sophisticated security technology. Perhaps they will begin leveraging AI and ML to provide more proactive, real-time detection of and response to cyber threats. The case highlights the need for international cooperation in fighting cybercrime, as these threats often cross borders.

North Korea's Targeting of Ethereum Smart Contracts

North Korea's cyber operations have increasingly focused on Ethereum smart contracts, recognizing the potential for high-value theft and the relative anonymity afforded by decentralized finance (DeFi) platforms. Smart contracts allow agreed-upon terms to execute automatically on the blockchain. When developers fail to code and audit them properly, they can be easily exploited. North Korean hackers, most notably the Lazarus Group, have demonstrated a ruthless savvy for vulnerabilities in smart contract code. They are experts at searching for and leveraging each of these vulnerabilities, creating hundreds of billions in damage to companies and people.

Historical Context of Attacks

The targeting of Ethereum smart contracts is nothing new. Over the last couple of years, it has exploded as the DeFi ecosystem keeps growing. In the beginning, attacks were focused on easy-to-fix coding mistakes and omissions. In the past year especially, attackers have raised the stakes with advanced techniques such as reentrancy attacks, integer overflows, and front-running. North Korean hackers have been behind many of the biggest smart contract exploits to date. They further demonstrate their talent at adjusting to developing security threats and quickly taking advantage of new vulnerabilities.

Analysis of Smart Contract Vulnerabilities

Smart contract vulnerabilities can arise from a variety of factors, including:

  • Coding Errors: Mistakes in the code that allow attackers to manipulate the contract's logic.
  • Design Flaws: Fundamental weaknesses in the contract's design that can be exploited.
  • Lack of Auditing: Insufficient review of the code by security experts to identify potential vulnerabilities.
  • Outdated Dependencies: Using outdated libraries or components that contain known vulnerabilities.

Developers can address these risks by adhering to secure coding practices. They must perform complete audits of their code and regularly update their dependencies. No matter the circumstances, having a well-developed incident response plan is key. Beyond just awareness, it empowers you to respond to the latest vulnerabilities quickly.

By understanding the tactics used by North Korean hackers and the vulnerabilities they exploit, crypto startups can take proactive steps to protect themselves and their users. They should support strong verification and electronic security practices, promote a culture of security awareness, and monitor emerging threats and trends in the cryptocurrency ecosystem. Only then can they ride the wave of the decentralized age with assurance. Only then will they be confident that they’ve done everything within their power to protect their assets and systems.