Crypto Alert: 60 Fake IT Workers Linked to North Korea Uncovered
What’s Going On
Changpeng “CZ” Zhao, co-founder of Binance, warned of a new scam tactic used by North Korean hackers.
Cointelegraph
A “white hat” hacker group called SEAL (Security Alliance) has found 60 individuals pretending to be IT workers. These are not legitimate candidates but impersonators with the goal of infiltrating crypto companies.
Cointelegraph
How the Scam Works
The impersonators use various tricks to try to gain access to company systems and sensitive data. Here are the main methods:
Method What They Do
Fake Job Applications They apply for jobs in fields like development, security, or finance to get inside the company.
Cointelegraph
Malicious Links / Downloads During interviews or after contact, they send “updates” or links that install malware on devices.
Cointelegraph
Sample Code Trap They might ask for code samples, then use those to inject harmful code or to expose weaknesses.
Cointelegraph
Bribery & Vendor Compromise They may try to bribe employees or vendors to gain unauthorized access or internal information.
Cointelegraph
Why This Is Important for the Crypto Industry
These fake IT workers pose a serious risk because they try to get a “foot in the door” via employment. Once inside, damage can be large.
Cointelegraph
SEAL has published a repository detailing aliases, fake identities, emails, GitHub profiles, and other info for these impersonators. This helps firms detect suspicious candidates.
Cointelegraph
The threat is not hypothetical. In June, a few of these operatives actually got into crypto startups as freelance developers and stole about US$900,000 total.
Cointelegraph
North Korean hacking activity has been growing: over US$1.34 billion in digital assets were stolen across 47 incidents in 2024—roughly double the amount from 2023.
Cointelegraph
What Beginners Should Understand
If you’re new to crypto or working at a crypto-company, these are useful lessons:
Be careful with job candidates — check identities, verify credentials, don’t rely on only remote interviews.
Avoid downloading unknown files or code from untrusted sources. Even “sample code” can hide bad parts.
Train your staff about common tricks (phishing, fake links, malware disguised as updates).
Use proper vetting of outsourced vendors, freelancers, and employees.
Monitor for suspicious behavior such as requests for unexpected access, unusual file transfers, or attempts to bribe or coerce.
Key SEO Keywords to Know
North Korean hackers crypto
Fake IT workers in crypto industry
Job impersonation scam crypto
Crypto security threats 2025
Binance warning phishing malware
Identify malicious job applicants
Bottom Line
A security team (SEAL) has exposed 60 people claiming to be IT professionals, many with fake credentials, possibly linked to North Korea. Their aim: infiltrate crypto firms and steal or compromise data. For companies and new crypto users alike, this underlines the critical importance of strong security practices at the hiring stage, awareness of malware and phishing, and careful verification of anyone accessing sensitive systems. […]
