Cryptocurrency firms must bolster their defenses against North Korean hackers attempting to secure roles at major Web3 companies to facilitate large-scale exploits, experts told Cointelegraph.
Employing North Korean developers could expose a crypto platform’s infrastructure to hacking threats and data breaches akin to the Coinbase incident in May, which revealed wallet balances and physical locations of approximately 1% of the exchange’s monthly users, potentially incurring up to $400 million in reimbursement costs.
To combat this escalating threat, the industry must implement improved wallet management standards, real-time AI monitoring for early exploit detection, and more rigorous employee vetting processes, according to crypto security experts speaking to Cointelegraph.
“Organizations should consider the DPRK [Democratic People’s Republic of Korea] IT worker risk seriously,” said Yehor Rudytsia, head of forensics and incident response at blockchain cybersecurity firm Hacken, emphasizing “comprehensive background checks and strict role-based access.”
Crypto firms must adhere to “CCSS practices for wallet operations (dual control, audit trails, identity verification),” Rudytsia told Cointelegraph. “Furthermore, maintain enhanced logging, monitor for abnormal activity, and frequently review cloud configurations. The primary principle is straightforward: consistently verify, consistently monitor, and avoid relying solely on trust.”
Dual wallet control refers to a type of multisignature wallet, requiring multiple key holders to authorize a transaction.
While the majority of North Korean developers are not malicious actors, their salaries contribute to a regime that poses a significant cybercrime threat to the cryptocurrency sector.
Recently, Binance co-founder Changpeng Zhao raised concerns regarding the rising threat of North Korean hackers attempting to penetrate crypto companies through job offers and bribes.
His warning followed the release of profiles by an ethical hacker group named Security Alliance (SEAL), which documented at least 60 North Korean agents masquerading as IT workers under fictitious names, seeking employment in the U.S.
The repository provided crucial details about North Korean impersonators, including their aliases, pseudonyms and the email addresses they used, along with both real and fictitious websites, citizenship statuses, addresses, locations, and the number of companies that employed them.
Real-time AI threat monitoring can save crypto companies from data breaches
Experts also suggest the implementation of artificial intelligence for real-time threat detection.
“North Korean IT workers are infiltrating crypto companies to gain insider access, either to misappropriate stolen assets or to extract data,” remarked Deddy Lavid, co-founder and CEO of blockchain cybersecurity firm Cyvers, adding:
“The Coinbase breach was a cautionary tale. Proactive, AI-driven monitoring is essential to avert the next incident.”
Lavid noted that AI-based anomaly detection in hiring processes and linking on-chain and off-chain data could further safeguard firms.
In June, four North Korean operatives compromised multiple crypto businesses while working as freelance developers, stealing a total of $900,000 and highlighting the severity of the threat.