Security Alliance (SEAL) warns of an alarming threat from North Korean crypto hackers. Operatives are embedded in 15-20% of crypto firms, posing severe national security risks.
Pablo Sabbatella of Security Alliance (SEAL) issued a stark warning: North Korean infiltration in crypto is “much worse than people think.” He says operatives are embedded within 15% – 20% of crypto companies. Moreover, this exposes a threat that permeates across the entire.
North Korean Hackers Exploit Crypto’s Weak OPSEC
He added that 30% – 40% of job applications come from North Korean actors. These individuals use global ‘front’ accounts and remote access, and they pose as U.S.-based workers.
Sabbatella further stated that crypto has “the worst OPSEC in the entire computer industry.” This makes founders and teams easy targets, susceptible to social engineering and malware attacks.
Moreover, North Korean penetration goes far beyond fund theft. Although they have stolen billions, the danger runs deeper: it involves getting workers hired at legitimate companies, where these operatives get access to critical systems and operate the infrastructure that underpins major crypto companies. This poses an existential risk.
Hackers based in North Korea have stolen more than $3 billion worth of cryptocurrency in the past three years, using sophisticated malware and social engineering, according to the US Treasury Department, which reported this in November.
The stolen funds financed Pyongyang’s nuclear weapons programs, which raises alarming national security consequences. Their hiring method is complicated. For the most part, North Korean workers do not apply for jobs directly, because international sanctions make such direct applications impossible.
Instead, they find unsuspecting remote workers all over the globe who serve as fronts. Some now act as recruiters, bringing in collaborators from outside North Korea who operate under stolen identities.
Escalating Threat: Funding State Programs Through Cybercrime
According to a recent Security Alliance report, these recruiters use freelance platforms such as Upwork and Freelancer to reach people throughout the world. This is especially common in Ukraine, the Philippines, and other developing countries.
The pitch to collaborators is a simple one: they either provide verified account credentials or allow the North Korean actor to use their identity remotely. In return, the collaborator receives 20% of the earnings and the North Korean operative keeps 80%.
Furthermore, hackers linked to North Korea have already stolen more than $2 billion worth of cryptocurrency in 2025 alone. This points to a rapidly growing threat with a great impact on the digital asset space.
Crucially, the stolen funds are reportedly being used to finance North Korea’s nuclear and missile program, which brings out the vast national security implications of this cybercrime.
New targets are also emerging. Beyond targeting individuals, North Korean actors are actively researching and targeting other entities associated with the cryptocurrency industry, including exchange-traded funds (ETFs).
Increased security and cooperation are important. The growing threat is fostering new partnerships between governments and private security companies, with the goal of improving both detection of and response to these attacks.
Ultimately, their methodology is advanced. These operations often depend on well-developed cybercrime infrastructure. Some research suggests that North Korea also carries out cyber operations, sometimes from third-party countries, which introduces another level of complexity to the threat.