Cryptocurrency firms must bolster their defenses against North Korean hackers attempting to infiltrate significant Web3 companies for large-scale attacks, according to security experts who spoke to Cointelegraph.
Employing North Korean developers could expose a crypto project’s infrastructure to risks of hacks and data breaches like the Coinbase incident in May, which compromised the wallet balances and locations of approximately 1% of the exchange’s monthly users, potentially leading to reimbursement costs of up to $400 million for the exchange.
To combat this rising threat, the sector needs to implement improved wallet management practices, real-time AI monitoring for early detection of exploits, and stricter employee vetting processes, according to crypto security professionals interviewed by Cointelegraph.
“Organizations must take the DPRK [Democratic People’s Republic of Korea] IT worker risk seriously,” said Yehor Rudytsia, head of forensics and incident response at blockchain cybersecurity firm Hacken, who advocated “in-depth background checks and stringent role-based access.”
Crypto firms should adhere to “CCSS practices for wallet operations (dual control, audit trails, identity verification),” Rudytsia advised Cointelegraph. “Moreover, enhance logging, monitor for unusual activities, and frequently review cloud configurations. The principle is straightforward: continuously verify, monitor, and avoid relying solely on trust.”
Dual wallet control refers to a multisignature wallet requiring multiple key holders to authorize a transaction.
Although most North Korean developers are not malicious actors, their salaries contribute to a regime that poses a significant cybercrime threat to the cryptocurrency sector.
A week ago, Binance co-founder Changpeng Zhao raised alarms about the increasing threat from North Korean hackers infiltrating crypto enterprises through job offers and bribery.
This alert followed the release of a repository by an ethical hacker group called Security Alliance (SEAL), which disclosed profiles of at least 60 North Korean agents masquerading as IT professionals under false identities, looking for jobs in the US.
This repository included crucial data on North Korean impostors, such as aliases, fake names and emails, as well as both real and fabricated citizenship details, addresses, locations, and the number of companies that employed them.
Real-time AI threat monitoring can save crypto companies from data breaches
Experts also recommend incorporating artificial intelligence for immediate threat detection.
“North Korean IT workers penetrate crypto firms to gain insider access for transferring stolen funds or stealing data,” Deddy Lavid, co-founder and CEO of blockchain cybersecurity firm Cyvers, told Cointelegraph, adding:
“The Coinbase breach was a warning. Proactive, AI-driven monitoring is essential to prevent the next one.”
Lavid indicated that AI-based anomaly detection in hiring, as well as linking onchain and offchain data, could provide additional protection to firms.
In June, four North Korean operatives infiltrated several crypto companies as freelance developers, collectively stealing $900,000 from these startups, underscoring the severity of the threat.