Crypto needs dual wallet management, AI monitoring of North Korean hackers

Crypto companies are under threat from North Korean hackers who are seeking employment opportunities in major Web3 businesses. These hackers aim to infiltrate companies and steal sensitive data or move stolen funds, posing a significant risk to crypto firms. Cybersecurity experts have warned that hiring North Korean developers can open up a company's infrastructure to the threat of hacks and data breaches.

In May, Coinbase suffered a data breach, exposing the wallet balances and physical locations of about 1% of its monthly users, potentially costing the exchange up to $400 million in reimbursement expenses. To combat this growing threat, the industry needs to adopt enhanced wallet management standards, real-time AI monitoring for the early prevention of exploits, and more secure employee vetting practices.

"Organizations need to treat the DPRK [Democratic People's Republic of Korea] IT worker risk seriously," said Yehor Rudytsia, head of forensics and incident response at blockchain cybersecurity company Hacken. "This means conducting thorough background checks and strict role-based access." Crypto companies must also follow "CCSS practices for wallet operations (dual control, audit trails, identity verification)," Rudytsia added.

Dual wallet control is a type of multisignature wallet, which requires multiple key holders to sign a transaction for confirmation. While most North Korean developers are not hackers, their wages help fund the state, which has become a leading cybercrime threat to the crypto industry.
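The dual-control rule above, as an added Python example (not code from the article or from any firm it names): a transfer is authorized only when two distinct key holders have signed the exact transaction, and every decision is written to a hash-chained audit trail. The holder names, keys and transaction fields are constructed, and HMAC stands in for the asymmetric signatures a real multisignature wallet uses.

```python
import hashlib
import hmac
import json

# Constructed holders; HMAC keys stand in for real signing keys (assumption).
HOLDER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
REQUIRED_APPROVALS = 2  # dual control: two distinct holders must sign


def tx_digest(tx):
    """Canonical bytes of the transaction that every holder signs."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign(holder, tx):
    """Signature of one holder over one transaction (hex string)."""
    return hmac.new(HOLDER_KEYS[holder], tx_digest(tx), hashlib.sha256).hexdigest()


class DualControlWallet:
    def __init__(self):
        self.audit = []  # hash-chained audit trail, oldest entry first

    def _entry_hash(self, prev, event):
        return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

    def _log(self, event):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        self.audit.append({"event": event, "prev": prev, "hash": self._entry_hash(prev, event)})

    def authorize(self, tx, approvals):
        """approvals is a list of (holder, signature) pairs. Returns True only if
        REQUIRED_APPROVALS distinct known holders signed exactly this tx."""
        valid = set()  # a set, so one holder signing twice counts once
        for holder, sig in approvals:
            if holder in HOLDER_KEYS and hmac.compare_digest(sig, sign(holder, tx)):
                valid.add(holder)
        ok = len(valid) >= REQUIRED_APPROVALS
        self._log({"tx": tx, "signers": sorted(valid), "authorized": ok})
        return ok

    def audit_intact(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for entry in self.audit:
            if entry["prev"] != prev or entry["hash"] != self._entry_hash(prev, entry["event"]):
                return False
            prev = entry["hash"]
        return True
```

Signatures are bound to the full transaction, so approvals collected for one amount or destination cannot be reused for another.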

A week ago, Binance co-founder Changpeng Zhao sounded the alarm on the growing threat of North Korean hackers seeking to infiltrate crypto companies through employment opportunities and bribes. His warning came after an ethical hacker group called Security Alliance (SEAL) published the profiles of at least 60 North Korean agents posing as IT workers under fake names, seeking US employment.

The repository contained key information on North Korean impersonators, including the aliases, fake names and emails they used, along with websites (both real and fake), citizenships, addresses, locations and the numbers of firms that hired them. This highlights the need for crypto companies to strengthen their defenses against North Korean hackers.

Real-time AI threat monitoring can save crypto companies from data breaches. "North Korean IT workers are infiltrating crypto firms to gain insider access and move stolen funds or to steal data," said Deddy Lavid, co-founder and CEO of blockchain cybersecurity company Cyvers. "AI-based anomaly detection in hiring and linking onchain and offchain data could further protect firms."

In June, four North Korean operatives infiltrated multiple crypto companies as freelance developers, stealing a cumulative $900,000 from these startups, illustrating the threat.