The post North Korean operatives may already be embedded in up to 20% of crypto firms appeared on BitcoinEthereumNews.com.

North Korean agents are gaining access to the digital-asset industry at a scale that industry investigators say has largely gone unnoticed, creating significant risks for hiring networks, internal systems, and the security posture of crypto companies. Recent remarks from Security Alliance (SEAL) member Pablo Sabbatella outline a pattern of hidden recruitment practices, malware-driven access routes, and breached operational security, revealing that the industry is facing increased exposure than previously recognized. Sabbatella indicated that the scale of North Korean infiltration is greater than has been publicly acknowledged, and that there is a scenario in which agents are already integrated into 15% to 20% of crypto firms. He also stated that 30% to 40% of job applications submitted to crypto companies may be made by individuals acting on behalf of the North Korean state. He described that the occurrence of infiltrators is not restricted to direct attacks or single occurrences, but it spreads into the daily activities of companies. After being hired, these individuals gain access to internal tooling, production systems, and other industry-standard infrastructure. Sabbatella claims that this path of entry has now become one of the favorite vectors of North Korean activity. North Korean front workers and remote identities enable entry The recruitment system works with middlemen who offer validated digital identities and access to platforms that users in North Korea cannot access directly. According to SEAL’s findings, such arrangements typically depend on workers in regions such as Ukraine and the Philippines, among other developing nations, who sell access to freelance accounts on websites like Upwork and Freelancer.  In jobs that demand U.S. qualifications, Sabbatella claimed that some of its operatives find an American resident who is ready to be the face of the prospective candidate. The operative will then install malware on the device of that individual, providing them with…

---

Filed under: News - @ November 23, 2025 3:21 pm