According to an investigation by crypto detective ZachXBT, crypto companies worldwide, may have unknowingly hired over 900 North Korean hackers into the cryptocurrency ecosystem.
It is speculated that these operatives may be securing IT and software development roles inside crypto businesses, posing a serious risk from within.
A testament to North Korea’s use of cybercrime, ZachXBT’s report estimates that between 345 and 920 operatives have secured positions across crypto firms with the aim of infiltrating internal systems, gathering intelligence, and in some cases, accessing project funds.
ZachXBT reveals in his investigation that these operatives have received over $16.5 million in salaries since the beginning of 2024, often by posing as remote developers, software engineers, and IT specialists. Their monthly earnings range from $3,000 to $8,000, with some working multiple jobs simultaneously.
While some are entry level jobs, ZachXBT says others may have privileged access to sensitive codebases and admin tools that makes it easy to infiltrate internal systems, gather intelligence, and, in some cases, access project funds.
“These aren’t just freelancers looking for work. In many cases, they’re inside agents with a mission,” the report warns.
Recent DeFi and NFT hacks, including a $1 million theft last week, are believed to be linked to these actors. The notorious Lazarus Group, North Korea’s state sponsored cybercrime unit, is suspected of orchestrating many of these intrusions, using junior hires for access and senior members to execute the heists.
The report also importantly highlights systemic lapses in crypto hiring practices. Many startups, especially smaller ones, are said to bypass rigorous Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures, making them vulnerable to such infiltrations.
Regulators are starting to respond. The U.S. Department of Justice recently seized $7.7 million in crypto linked to North Korean operatives, while Japan has urged G7 nations to address the regime’s use of crypto in funding weapons programs.