Crypto Labs Under North Korean Watch

North Korea’s cyber workers have been quietly shaping the world of digital money for more than seven years. A security expert explained that dozens of popular decentralized finance sites have had these programmers working on their code from the early days of the industry. The experience listed on their résumés is genuine, she said. The group known as Lazarus, which the country backs, has taken about $7 billion in crypto since 2017. Their biggest attacks include a $625 million breach of the Ronin Bridge in 2022, a $235 million theft from WazirX in 2024 and a $1. 4 billion loss at Bybit in 2025.

Just after the Drift Protocol revealed a $280 million hack, it also said that North Korean state hackers were involved. The company’s investigation showed the attackers used “third‑party intermediaries” with fake identities, not direct contacts from North Korea. One Solana exchange founder recalled hiring a candidate who later turned out to be a Lazarus operative, discovered only after an online interview. U. S. regulators offer tools for crypto firms to check potential partners against sanctions lists and flag suspicious hiring patterns. Experts warn that job‑posting scams are simple but relentless; ignoring them is a sign of carelessness.

Actions