A cybersecurity specialist has issued one of the strongest warnings yet about North Korea’s reach inside the crypto industry. Speaking at Devconnect in Buenos Aires, Pablo Sabbatella, founder of web3 audit firm Opsek and member of the Security Alliance, said that as many as one in five crypto companies may unknowingly have North Korean workers embedded in their teams.
According to Sabbatella, the infiltration is far more widespread than isolated reports suggest. The data shows a systemic pattern: 30% to 40% of job applicants attempting to join crypto companies may actually be North Korean agents using fraudulent identities.
DPRK Operatives Exploit Global Hiring Platforms
International sanctions prevent North Koreans from applying to global jobs using their real identities. Instead, Sabbatella explained, the regime relies on a sophisticated identity laundering network:
🔹 Fake Employees Using Real Identities
North Korean agents pay individuals in countries like the Philippines, Ukraine, and others to act as “front people.”
🔹 Freelance Platforms as Hunting Grounds
Platforms such as Upwork and Freelancer are heavily targeted, where collaborators rent out their accounts, credentials, and even passports.
🔹 80/20 Earnings Split
The North Korean operative receives 80% of income, while the front person keeps the remaining 20%.
🔹 Malware-Infected Machines
During interviews and remote setup, DPRK agents install malware on the front person’s computer, gaining access to:
- U.S.-based IP addresses
- Corporate systems
- Unrestricted internet access (not allowed inside North Korea)
This enables North Korean operators to appear as legitimate, compliant employees from abroad.
Why Companies Don’t Notice: “They Work Well and Never Complain”
Once hired, these covert agents typically blend in easily.
“They work well, they work a lot, and they never complain,” Sabbatella said. Their high performance makes them appear reliable, reducing suspicion while gradually increasing access to sensitive internal systems.
This long-term infiltration gives North Korean cyber units the opportunity to steal private keys, access internal infrastructure, and carry out major financial thefts.
Massive Crypto Theft Funds Nuclear Weapons Programs
According to U.S. Treasury data from November, North Korea has stolen more than $3 billion in crypto over the past three years. These funds directly support:
- Nuclear weapons development
- Ballistic missile programs
- State-sponsored cyber warfare units
The scale of the theft makes North Korea one of the most financially successful cybercriminal actors in the world.
Crypto Industry Labeled the “Weakest” in Operational Security
Sabbatella criticized the crypto sector for having some of the weakest operational security practices of any industry:
- Founders routinely reveal their personal identities on social media
- Poor private key management
- Companies fall for simple manipulation tactics
- Inconsistent verification of remote workers
- Lack of hiring due diligence
These vulnerabilities create exactly the kind of environment where organized state-sponsored actors thrive.