North Korean hackers are posing as excellent candidates with fake Korea profile pictures in recruitment drives. This enables them to work for Web3 companies. Once inside, they have access to all of the digital assets owned by the companies that employ them. How it functions is described by Neil Dundon of Cryptorecruit.
How can we know the fake candidates?
It takes some effort to figure out the source of these fake profiles. But then it clicks. There are usually telltale signs that something isn't as real as it seems on every single fake profile.
The profile picture is the first warning sign. It makes the biggest signal. Recruiters just glance at the picture. A common lie of the brilliant candidate is that they are Japanese. You soon discover, however, that they are not at all Japanese. And then there is the vacuous look in their eyes. Like they were created by an AI tool, if not like robots. They undoubtedly lack a soul.
It is very unusual to see a phone number. But if a phone number is provided, it belongs to the United States. They can be encouraged to join you on a call. However, Skype is commonly used. And if you do actually connect, you have to utterly insist they turn their camera on. When you get them in view, they don't look like real people. In fact, they look robots. It's incredibly bizarre and unsettling!
The language they use is exactly the same in every case – like they are reading from a script. They must be working out of a call centre someplace, we can only suppose. It is most likely based in North Korea's deep.
Hackers in North Korea and the jobs they seek
What positions do these hackers apply for then? Typically, they identify themselves as Web3 developers, blockchain developers, or developers of Solidity.
Their LinkedIn profiles always use a very familiar and identifiable template. The most beautiful keywords may be found throughout these templates. These are words that hiring employees and recruiters in the cryptocurrency industry could only expect to hear on a good day.
You can count on these fake profiles to immediately auto-reply to any job ads that recruiters publish. But the fact is this. Solidity developers who are worth their salt do not actually apply for jobs. They are frequently targeted by recruiters, in fact. They constantly have a variety of opportunities.
The biggest warning sign is undoubtedly these hackers searching for jobs. Even if they have years of Solidity experience and a great profile, proceed with caution. Of course, there can be exceptions to the rule. But stay on guard.
