North Korea has been partly funding it’s government by targeting cryptocurrencies. In the last few years, they went from stealing millions, to stealing $1.5 billion in cryptocurrency. State agent hackers have been increasing targeting exchanges and holders and making off with astounding sums.

A new tactic is to go after the source: the developers themselves.

Fireblocks has reported they broke up a ring of North Korea operatives that set up fake job interviews for crypto jobs. During Google Meet interviews, they would give take-home assignments via Github. Those projects would contain code that compromised the developer and would grant access to crypto infrastructure.

They used dozens of fake Linkedin profiles that rotated through brands and it is believed they have been doing this for at least a few years. While they were easy to spot with poor grammar in 2017 and 2018, those days are gone. By using AI to craft messages and create fake jobs, they sound far more legitimate.