North Korean Hackers Use Fake Identities to Target Crypto Projects

North Korean hackers are increasingly using deceptive tactics to infiltrate cryptocurrency projects and exchanges. Evidence suggests they create fake profiles to apply for IT jobs at these companies, often posing as legitimate professionals. Recent investigations have uncovered details of their techniques for building fake identities and how they successfully secure employment at key positions in the crypto industry.

ZachXBT, a leading researcher in North Korean hacker activity, has revealed this concerning trend. The source cited in his recent findings suggests that five DPRK IT workers are responsible for spinning up 30+ fake identities to gain access to developer roles in various crypto projects. This information was obtained from an unnamed source who gained access to the hackers’ devices and discovered their sophisticated methods. These techniques include creating fake locations, using local names, and utilizing readily available Upwork and LinkedIn accounts to apply for jobs in crypto-related fields like blockchain development and smart contract engineering. They have also targeted projects such as Polygon Labs.

ZachXBT has previously warned about the risks associated with hiring individuals from North Korea, emphasizing the potential threat to companies’ security protocols. Binance, a major cryptocurrency exchange, employs rigorous security measures to filter out candidates suspected of originating from North Korea and actively monitors their CVs and interview performances to prevent such intrusions. To identify potential threats, the crypto community also maintains unofficial lists of known fake profiles that use legitimate-looking LinkedIn accounts and social media profiles.

In the past, reports have highlighted cases where DPRK hackers successfully compromised smart contracts with embedded backdoors. These attacks have impacted multiple projects across different sectors, including DeFi and Solana meme tokens.
Some hackers even create their own meme tokens as a means of laundering funds.

North Korean hackers also exploit vulnerabilities in code repositories, or use malware-ridden links, to initiate malicious downloads through fake job interview invitations. They may even pose as interviewers or project managers, setting up fake meetings with a link to download a file. In some cases, they have used the guise of remote access to new accounts via AnyDesk programs and utilized crypto payments through intermediary Ethereum wallets linked to their illicit activities.

This intricate scheme highlights the increasing sophistication and ingenuity of North Korean hackers in their attacks on the cryptocurrency industry.