Key Takeaways
- North Korean hackers are increasingly infiltrating decentralised finance (DeFi) projects by impersonating reputable engineers.
- Some Web3 startups have recently adopted the contentious “Kim Jong Un test” as a means of identifying these covert operatives.
- Major DeFi projects such as THORChain and SushiSwap have encountered such concerns.
Not every hacker breaks in with code… some walk in slowly, carrying the load…
DeFi has become popular for money transfers because it is quick and simple. However, there is a significant problem: hackers are expanding just as quickly, and they have already stolen over $7 billion.
One dangerous group is the Lazarus Group, an organization associated with Kim Jong Un. Based in North Korea, it has used social engineering and fictitious developer identities to penetrate several DeFi projects.
One method of identifying possible operatives is now a basic interview technique: the “Kim Jong Un test,” a screening technique that some teams have adopted in the wake of the Drift incident.
Candidates may be asked to criticise the leader of North Korea during interviews. Recruiters claim that while some suspected operatives react normally, others frequently pause, sidestep, or end the conversation.
A Simple Question That Exposed A Big Secret!
In April 2026, a widely circulated video of a candidate abruptly disconnecting during one of these prompts sparked debate in the crypto hiring community.
Some developers claim to employ this technique in addition to more conventional measures like background checks and sanctions screening.
Taylor Monahan, a security researcher at MetaMask, has also cautioned that over the course of several years, North Korean IT professionals have embedded themselves in dozens of DeFi projects, sometimes even contributing valid code.
Although attribution varies by case, it has been revealed that contributors to projects including SushiSwap, THORChain, Yearn Finance, and Fantom were later connected to DPRK networks.
North Korea’s main source of income from cyberspace is the Lazarus Group, also known as UNC4736, AppleJeus, or Citrine Sleet. The organization is skilled at manipulating people rather than just using code exploits.
How Hackers Gain Trust Slowly
Operatives frequently use stolen identities to pretend to be competent developers or independent IT contractors.
They attend industry conferences, apply for remote positions at cryptocurrency companies, and develop relationships over several months through Telegram or face-to-face interactions.
Once inside, they can access internal systems, governance procedures, or repositories. This access may allow them to install malware, introduce vulnerabilities, or take advantage of operational flaws.
Before introducing compromised code, the attackers in the Drift case allegedly spent months cultivating contacts. Sensitive passwords and access keys were stolen as a result of the hack, which targeted developer tools.
Final Thought
Over the years, the Lazarus Group has stolen billions. Hackers stole $2.02 billion in 2025 alone, bringing the total to around $7 billion. Attacks are still occurring in 2026. Over $300 million was lost in the Drift hack alone.
Hackers use a variety of wallets and swaps to conceal the money. According to experts, this funding favours risky initiatives. These hackers undermine confidence in addition to breaking code: they band together and attack from within.