North Korean scammers are posing as American job candidates to infiltrate crypto startups
- North Korean scammers are pretending to be job candidates to collect paychecks from Web3 startups.
- Recruiters say they have strong resumes but know little English and can't talk about work experience.
Scammers from North Korea and elsewhere are posing as American job candidates for Web3 startups to collect paychecks in the form of cryptocurrency and potentially spy on internal corporate workings.
Three recruiters in the cryptocurrency industry told Insider they've encountered applicants appearing to be North Korean who come with impressive resumes — only to find out they have no experience whatsoever in the interview.
The matter presents a complicated decision point for the nascent industry, which in many cases promises complete control of one's finances removed from the watchful eye of the US government and the protections it can provide. Altogether, sometimes-shoddy recruiting practices, cash-flush crypto startups, and a remote work craze make for a perfect environment for bad actors to take advantage of the booming Web3 market.
"This is a real thing that everyone in this space knows is happening," Dan Eskow — founder of the recruiting firm Up Top Search — told Insider, adding "it almost looked like these people had no soul."
'Soulless' eyes, language barriers, and scripted lines
Recruiters said the suspicious candidates come with extensive resumes and strong credentials, with experience at heavy hitters in the decentralized finance world, like Parallel Finance or Blockdaemon.
So-called solidity engineers — who understand the native language of the Ethereum blockchain — are scarce talent and are in high demand at the moment, for example. Web3 startups, flush with cash, are eager to hire them.
The red flags would start to fly in when recruiters interviewed candidates via video who weren't able to answer any questions about the companies listed on their resumes.
"You would look them in the eyes, and it would be like they're not even human," Eskow said. "I can't — it's like the creepiest thing."
Elliott Garlock — a recruiting veteran and founder of Stella Talent Partners — told Insider the job seekers used to avoid turning on their cameras, but after recruiters presumably started asking them to, they began to switch them on. That's when he noticed other people in the room.
"Often you'll be like, 'Hey, who's that guy in the background? Like, what's that chatter?' And they'll say something like, 'Oh, well I'm at my cousin's house, we're all working together,'" Garlock said. "It's a very common answer."
Another red flag was a language barrier much different than what tech employers have long encountered upon hiring talent from Asia.
"They're basically reading off of a piece of paper, and you can literally see their eyes — like they're being coached by someone to say specific sentences," Eskow said, like: "I have three years blockchain experience," "I work for a startup," or "I like startup."
The recruiters said they tried to ask more detailed questions about specific places in Canada, Oregon, or the San Francisco Bay Area — typical locales candidates said they were based — but they could never answer.
"They'll say, 'Bay Area, I live in the Bay Area' and you're like, 'Yeah, I understand. Where in the Bay Area?' And they'll be like, 'Bay Area is where I live,'" Garlock said.
End Game: collect crypto before the clock runs out
Recruiters agreed that — although they haven't onboarded any such people themselves — they believe the scammers likely want to get hired and collect their paycheck in cryptocurrency, not US dollars, for as long as they can without actually working (it's common practice for some crypto projects to pay staff in virtual currencies.)
"My guess is that they're scammers looking to land multiple jobs simultaneously, get paid a salary for 1-3 months while 'onboarding' (but delivering no/minimal work), and cycling," Gabriel Bianconi, the chief product officer at the decentralized investment firm Ondo Finance, told Insider.
That means all new hires need to do to get paid is provide a crypto wallet address, such as one through MetaMask, to an employer, which could mean showing fewer official documents than what would be required for traditional onboarding. Typically, US companies must verify a prospective employee's ability to work, either through citizenship documents, a work visa, or authorization.
It may take three to four months for the most disorganized startups to realize new hires aren't working. In the meantime, these scammers have access to email, Slack, and company systems — and could send phishing emails internally to attempt to steal companies' funds, which Garlock said is the worst-case scenario.
North Korea has already been linked to major US crypto hacks
One of the most high-profile crypto hacks in the industry's history was in April, when the Federal Bureau of Investigation said North Korean hackers were behind a theft amounting to $615 million from users of the online play-to-earn game Axie Infinity.
And the US State and Treasury Departments and the FBI jointly warned earlier in May that North Korean IT workers indeed are trying to infiltrate US firms to help fund the country's weapons programs. The agencies said companies that do hire these scammers could face legal consequences.
"If this is happening at this scale, I suspect it works," Bianconi of Ondo Finance said. "That said, they were so obviously fake/bad that I'm not sure which company would hire them."