Dual Wallets, AI Monitoring Can Save Crypto From North Korean Hackers
Cryptocurrency companies need to strengthen defenses against North Korean hackers who are seeking jobs at major Web3 businesses to stage large-scale exploits, security experts told Cointelegraph.
Hiring North Korean developers may open a crypto project’s infrastructure to the threat of hacks and data breaches similar to the Coinbase data breach in May, which exposed the wallet balances and physical locations of about 1% of the exchange’s monthly users, potentially costing the exchange up to $400 million in reimbursement expenses.
To fight this growing threat, the industry needs to adopt enhanced wallet management standards, real-time AI monitoring for the early prevention of exploits and more secure employee vetting practices, crypto security experts told Cointelegraph.
“Organizations need to treat the DPRK [Democratic People’s Republic of Korea] IT worker risk seriously,” with “thorough background checks and strict role-based access,” said Yehor Rudytsia, head of forensics and incident response at blockchain cybersecurity company Hacken.
Crypto companies must also follow “CCSS practices for wallet operations (dual control, audit trails, identity verification),” Rudytsia told Cointelegraph. “On top of that, keep enhanced logging, monitor for unusual activity, and review cloud setups often. The key is simple: keep verifying, keep monitoring, and don’t rely on trust alone.”
Dual wallet control is a form of multisignature wallet management, in which multiple key holders must sign a transaction before it is confirmed.
While most North Korean developers are not hackers, their wages help fund the state, which has become a leading cybercrime threat to the crypto industry.
A week ago, Binance co-founder Changpeng Zhao sounded the alarm on the growing threat of North Korean hackers seeking to infiltrate crypto companies through employment opportunities and bribes.

His warning came after an ethical hacker group called Security Alliance (SEAL) published the profiles of at least 60 North Korean agents posing as IT workers under fake names, seeking US employment.
The repository contained key information on North Korean impersonators, including the aliases, fake names and emails they used, along with websites, both real and fake citizenships, addresses, locations and the numbers of firms that hired them.

Real-time AI threat monitoring can save crypto companies from data breaches
Experts also recommend adopting artificial intelligence for real-time threat detection.
“North Korean IT workers are infiltrating crypto firms to gain insider access and move stolen funds or to steal data,” Deddy Lavid, co-founder and CEO of blockchain cybersecurity company Cyvers, told Cointelegraph, adding:
“The Coinbase breach was a warning. Proactive, AI-driven monitoring is how to stop the next one.”
Lavid said AI-based anomaly detection in hiring and linking onchain and offchain data could further protect firms.
In June, four North Korean operatives infiltrated multiple crypto companies as freelance developers, stealing a cumulative $900,000 from these startups, illustrating the threat.