- North Korean hackers are using job offers at crypto firms as a gateway to infiltrate Web3 businesses.
- AI-driven real-time threat detection and enhanced wallet management could prevent large-scale data breaches like the Coinbase hack.
- Firms need stricter hiring practices and more robust security protocols to mitigate the growing cybercrime threat from North Korea.
Cryptocurrency companies are facing mounting pressure to protect themselves from North Korean operatives posing as legitimate developers in the Web3 sector. Security specialists warn that employing these infiltrators could expose firms to large-scale hacks and costly data breaches.
North Korean infiltration risk in crypto hiring is increasing
Experts note that bringing in North Korean developers, even unwittingly, creates significant vulnerabilities. A case in point is the Coinbase breach in May, which compromised the wallet balances and physical addresses of about 1% of its monthly users, with potential losses climbing to $400 million.
The DPRK IT worker threat must be taken seriously, and it underscores the need for comprehensive background checks, strict role-based permissions, and enhanced monitoring systems.
Recommended safeguards include CCSS-compliant wallet operations, dual control for transactions, identity verification, and regular cloud infrastructure reviews. Multisignature wallets, which require multiple authorizations before funds can be moved, are increasingly viewed as a vital line of defense.
AI surveillance is becoming a crucial line of defense
Alongside stronger wallet protocols, experts argue that artificial intelligence could be a game-changer in detecting threats early. Real-time AI monitoring offers the ability to spot suspicious behaviors before they escalate into damaging exploits.
North Korean IT workers infiltrate firms not just to steal data but also to gain insider access to launder stolen funds. The Coinbase breach was a wake-up call. AI-driven anomaly detection can prevent the next big disaster.
AI can analyze both on-chain and off-chain data, helping firms flag fraudulent hires and detect subtle signs of malicious activity. This approach is already proving vital: in June, four North Korean operatives embedded themselves in multiple crypto startups, siphoning nearly $900,000 before being exposed.
Global concern around state-sponsored cybercrime is growing
While not every North Korean developer is directly involved in hacking, their wages still funnel money back to the regime, which has become one of the world’s most aggressive state-backed cybercrime actors. Binance co-founder Changpeng Zhao recently warned of this escalating threat after an ethical hacker group, Security Alliance (SEAL), revealed profiles of at least 60 North Korean agents posing as freelancers.
The database included aliases, falsified citizenship records, and details of firms that had unknowingly hired them.