North Korean hackers are trying to get a job at Binance every day

North Korean hackers, the most famous of which are Lazarus Group, began to turn their attention to cryptocurrencies two or three years ago. Recently, they have also focused on the job market. Jimmy Su, Chief Security Officer at Binance, explained how the exchange detects North Korean hackers posing as candidates for open positions. He also called cybercriminals from the DPRK the biggest threat to crypto companies.

According to Su, Binance rejects suspicious resumes on a daily basis and sometimes catches attackers red-handed «during video calls.

Hackers from the DPRK also infect public code libraries and try to hack into employee accounts through fake Zoom links.

Every day, Binance receives fake resumes that the company believes are sent by potential North Korean hackers. Su noted that hackers from North Korea have been a problem for all eight years of the exchange’s existence, but recently they have significantly increased their skills in the field of crypto.

North Korean hackers have stolen a total of $1.3 billion in 47 incidents during 2024. And the DPRK is responsible for 61% of these attacks. By Bybit’s largest ever crypto hack for $1.4 billion in March this year, Lazarus Group is also on the list.

However, Binance is most often faced with hackers trying to get a job at the company. Resumes with typical templates are rejected at the initial stage. If it goes further, a video interview is conducted — which is becoming more difficult due to the development of AI. Hackers use fake names, software voice alteration, and dipshit videos, and sometimes impersonate candidates from Europe or the Middle East. A sign of a fake is slow internet, because translation and voice alteration are running simultaneously. Sometimes they did not pass when the candidate was asked to cover their face with their hand (AI «breaks» mask). Other employers ask candidates to say something negative about Kim Jong-un, which is prohibited in the DPRK.

Source: Decrypt