Cryptocurrency companies are being warned to tighten their defenses against North Korean hackers, who are increasingly attempting to infiltrate Web3 firms by posing as developers or security experts. Cybersecurity specialists say that lax hiring standards and weak wallet controls could expose projects to multi-million-dollar breaches.
The warning follows recent high-profile incidents, including a May data breach at Coinbase that leaked sensitive user data and could cost the exchange up to $400 million. Experts argue that the tactics being deployed by North Korean operatives are sophisticated, making them harder to detect without proactive measures.
According to blockchain security professionals, infiltrators use multiple strategies. Some disguise themselves as job seekers for development or security roles. Others pose as recruiters to lure employees into downloading malware during staged interviews. Hackers have also bribed insiders or exploited outsourced vendors, creating dangerous backdoors into company systems.
This is why security can’t be the only defense strategy for those in crypto. It has to be paired with smart investment practices. Diversification across projects, a strategy often debated when considering the best crypto to buy, provides a much-needed layer of protection. Even if a single platform is compromised, a balanced portfolio helps investors safeguard long-term value against the ripple effects of large-scale breaches.
“Organizations need to take the DPRK IT worker risk seriously,” said Yehor Rudytsia, head of forensics at cybersecurity firm Hacken. He emphasized the need for thorough background checks and restricted role-based access for staff.
One of the strongest recommendations from industry experts is the adoption of dual wallet control. This approach requires multiple approvals for transactions, reducing the risk of a single compromised account draining funds.
Security standards such as CCSS are also being highlighted as essential. These include dual control, audit trails, and strict identity verification measures. Combined with continuous monitoring and regular cloud audits, experts say these steps form the backbone of modern crypto security.
AI-powered monitoring systems are increasingly viewed as necessary for real-time detection of abnormal behavior. With hackers becoming more inventive, automated tools capable of flagging unusual access patterns or suspicious wallet activity can give firms a critical edge.
“Keep verifying, keep monitoring, and don’t rely on trust alone,” Rudytsia stressed. His comments reflect the broader industry push toward replacing reactive security with proactive detection methods.
Binance co-founder Changpeng Zhao (CZ) has also spoken out about the scale of the problem. He described scenarios where attackers impersonate users in support requests, insert malicious links into coding tests, or exploit vulnerabilities in outsourced services.
“These North Korean hackers are advanced, creative and patient,” CZ warned, urging all crypto platforms to train employees and scrutinize job applicants.
The infiltration risk goes beyond stolen funds. Even when North Korean developers are not directly hacking, their wages are believed to support the state’s cybercrime apparatus. Those funds, in turn, fuel one of the most organized and well-funded cybercrime networks targeting the blockchain industry today.
The scale of the issue became clearer when the ethical hacking group Security Alliance uncovered more than 60 fraudulent developer profiles linked to North Korean operatives. These impersonators were not just sending résumés. They were building convincing digital identities complete with aliases, fabricated locations, and falsified citizenships. The sophistication of these tactics underscores how coordinated and deliberate the infiltration attempts really are.
