- DPRK IT workers use AI filters and cheating tools to infiltrate the US workforce.
- Beyond infiltration, North Koreans hack US crypto firms after illegally landing remote jobs.
- There are over 25 cases where DPRK IT workers masterminded hacks and team exploits.
Replit CEO Amjad Masad has identified a growing trend of North Korean workers using AI filters and interview cheating tools to land remote jobs in the US.
He noted that while many assume this is traditional espionage, the primary motive is fund generation for North Korea.
Related: North Korea-Linked Lazarus Group Targets BitMEX Employee with Phishing Scam
Masad added that the practice has already produced hundreds of millions of dollars, with workers posing under false identities. Employers are beginning to counter these tactics by testing applicants with location-specific questions or real-time coding tasks.
ZachXBT Traces Hacks to DPRK Workers
On-chain sleuth and 2D investigator ZachXBT agrees with Masad’s observation of the influx of DPRK IT workers into the US, utilizing deceptive AI tools.
However, he noted that their intentions go beyond making money for their country, sharing evidence of cases where DPRK IT workers masterminded hacks and extortions.
According to ZachXBT, DPRK IT workers with fake identities have masterminded hacking or extortion of teams for funds, particularly within the cryptocurrency ecosystem. The on-chain sleuth referenced posts from the past, including a case from over a year ago, when he uncovered more than 25 crypto projects that were hiring DPRK IT workers with fake identities, all of whom participated in hacks and extortion.
Related: North Korean IT Workers Infiltrate Tech and Crypto Projects, Pocket Over $16 Million
In one instance, ZachXBT discovered that four different developers hired by the Munchables team were the same individual with multiple identities.
According to the 2D investigator, the separate identities recommended each other for jobs, regularly transferred payments to the same exchange deposit addresses, and funded each other’s wallets. The impersonator’s activities compromised Munchables’ network in March 2024, resulting in a $63 million exploit.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
