CZ Sounds Alarm as 'SEAL' Team Uncovers 60 Fake IT Workers Linked to North Korea
The cryptocurrency industry is facing a growing threat from North Korean hackers who are posing as IT workers to infiltrate companies and steal sensitive user data. According to Binance co-founder Changpeng "CZ" Zhao, the white hat hacking team SEAL has uncovered at least 60 fake profiles of North Korean agents impersonating IT workers under false names.
Zhao sounded the alarm on X about the increasing threat of North Korean hackers seeking to infiltrate crypto companies through employment opportunities and even bribing exchange staff for data access. "They pose as job candidates to try to get jobs in your company," CZ said. "This gives them a 'foot in the door,' specifically for employment opportunities related to development, security, and finance."
Other North Korean agents use various tactics to infiltrate companies, including sending malicious "sample code" to employees, posing as users to send malicious links to customer support, or even bribing employees and outsourced vendors for data access. Zhao warned crypto platforms to train their employees to not download files and screen candidates carefully.
This warning comes after similar concerns from Coinbase, which reported a new wave of threats last month. In response, Coinbase CEO Brian Armstrong introduced new internal security measures, including requiring all workers to receive in-person training in the US, while people with access to sensitive systems will be required to hold US citizenship and submit to fingerprinting.
"We can collaborate with law enforcement, but it feels like there's 500 new people graduating every quarter, from some kind of school they have, and that's their whole job," Armstrong told Cheeky Pint podcast host John Collins. The growing threat of North Korean hackers is a major concern for the industry, and it's essential to take proactive steps to prevent infiltration.
The Growing Threat of North Korean Hackers
A group of ethical hackers called Security Alliance (SEAL) compiled the profiles of at least 60 North Korean agents posing as IT workers under fake names seeking to infiltrate US crypto exchanges and steal sensitive user data. SEAL shared its new repository for North Korean impersonators on X, containing key information on impostors, including aliases, fake names, email used, websites, citizenships, addresses, locations, and the numbers of firms that hired them.
Salary details, GitHub profiles, and all other public associations are also included for each impersonator. This repository is a valuable resource for crypto companies to stay informed about the growing threat of North Korean hackers. In June, four North Korean operatives infiltrated multiple crypto firms as freelance developers, stealing a cumulative $900,000 from these startups.
The white hat SEAL team was formed to combat these exploits, led by white hat hacker and Paradigm researcher Samczsun. SEAL conducted more than 900 hack-related investigations within a year of its launch, illustrating the growing need for ethical hackers. North Korean hackers like the infamous Lazarus Group are the main suspects behind some of the most devastating cryptocurrency heists.
The Impact on Crypto Companies
Throughout 2024, North Korean hackers have stolen over $1.34 billion worth of digital assets across 47 incidents, a 102% increase from the $660 million stolen in 2023, according to Chainalysis data. The industry is facing significant losses and reputational damage due to these attacks.
Coinbase hack shows that even reputable companies are not immune to these threats. It highlights the need for crypto companies to take proactive steps to prevent infiltration and protect their users' sensitive information.
The Call to Action
It's essential for crypto companies to take CZ's warning seriously and implement robust security measures to prevent North Korean hackers from infiltrating their systems. This includes training employees to be vigilant, screening candidates carefully, and implementing regular security audits.
By taking proactive steps to protect themselves, crypto companies can minimize the risk of being targeted by North Korean hackers. The industry must work together to stay informed about these threats and develop effective strategies to prevent infiltration.