North Korea has reportedly expanded from setting up fake employees at Western tech firms to siphon money into its nuclear weapons program to posting fake jobs in the cryptocurrency sector as part of a bid to steal applicants' crypto assets.
"North Korean hackers are saturating the cryptocurrency industry with credible-sounding job offers as part of their campaign to steal digital cash," Reuters today reported. "The problem is becoming so common that job applicants now regularly screen recruiters for signs they might be acting on Pyongyang's behalf."
The report describes a social engineering scheme that sees North Korean operatives reach out to job seekers on social platforms, instruct them to "visit an obscure website to run a skills test and record a video," and then disappear after using malicious code hosted on that website to compromise the applicant's crypto wallets.
Broader economic trends make this a prime time for scammers to target job-seekers. CNN reported that "postings for software development roles on the job site Indeed fell 71% between February 2022 to August 2025," for example, with the New York Times reporting that computer science grads are finding it harder than ever to find entry-level positions despite being told for years that well-paying dev jobs were abundant.
Combine that with mass layoffs—there have been so many pink slips handed out at tech firms this year that TechCrunch is maintaining a massive list of publicly announced layoffs—as well as return-to-office mandates and it's no wonder people working in cryptocurrency are responding to dodgy North Korean recruiters.
It's not like North Korea is casting a narrow net, either. Reuters reported that researchers at SentinelOne and Validin "uncovered log files accidentally exposed by the hackers that displayed the email and IP addresses of more than 230 people – coders, influencers, accountants, consultants, executives, marketers and more – targeted between January and March." That's a lot of attempted scamming going on.
These social engineering schemes are just part of North Korea's broader efforts to steal cryptocurrency. TRM Labs reported in February that the country's operatives stole $1.5 billion worth of Ethereum from the Bybit crypto exchange in what the company declared "the largest exploit on record."
As for defending against recruitment scams, the most important thing to remember is that if someone makes an offer that seems too good to be true, it probably is.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!
