A security expert has warned that up to 20% of crypto companies may unknowingly employ North Korean workers. Pablo Sabbatella, founder of the web3 audit firm Opsek, made the claim during an event at Devconnect in Buenos Aires.
Sabbatella said hiring data shows a large infiltration effort. He estimates that 30% to 40% of job applications sent to crypto companies come from North Korean operatives trying to gain access to internal systems.
Because sanctions prevent them from using their real identities, North Korean groups recruit people in countries such as Ukraine and the Philippines to act as “front workers.” These individuals provide verified documents or allow remote access to their devices. North Korean agents then take most of the income, often up to 80%.
U.S. companies are a key target. Operatives commonly pose as non-English-speaking Chinese applicants and ask for help during interviews. Front workers’ computers are infected with malware, giving North Korean agents access to U.S. IP addresses and wider internet access than they have inside their own country.
Sabbatella said many firms keep these workers because they perform well and do not raise suspicion. As a result, they gain deeper access to sensitive systems over time.
He added that weak security practices across the crypto industry make the problem worse. Public founder identities, poor key management, and social engineering attacks create easy entry points.
According to U.S. Treasury data, North Korea has stolen more than $3 billion in cryptocurrency over the past three years. Officials say the stolen funds directly support the country’s nuclear weapons program.
