Infiltration Risks in (Crypto) Hiring - Durlston Partners
Durlston Partners has once again had the opportunity to partner with DL News. This independent news organisation provides in-depth reporting on the largely misunderstood world of cryptocurrency and decentralised finance.
Karolis Kundrotas spoke with Liam J. Kelly, who was investigating a disturbing trend in the crypto industry by speaking with multiple founders, recruiters, and security experts. Fake applicants are flooding job forums and slowing the hiring process, often reading from a script or providing doctored CVs, and more often than not they do not turn their cameras on during conversations, to conceal their true intentions.
Below, you will find the full article in detail. We thank Liam for his time and the continued support of DL News.
North Korean hackers are infiltrating crypto job boards in a ‘quiet war’ that rakes in $600m
Hiring in the crypto industry has never been easy.
Finding skilled devs is tough, as is managing remote workers in multiple time zones.
Now, crypto staffing is about to get even harder.
A DL News investigation has found that fake applicants are flooding job boards with doctored CVs.
Moreover, mounting evidence suggests a number of these bogus applicants appear to be North Korean nationals who are trying to infiltrate crypto projects for nefarious purposes, including gathering sensitive data, hacking, and stealing assets.
“It’s an operational hazard for the industry,” Shaun Potts, founder of crypto-specific recruiting firm Plexus, told DL News. “It’s an ongoing thing, in the same way that hacking is a thing within tech. You can’t stop it, but you can minimise its risks.”
Concealing identities
More than 4,000 North Koreans have been directed to worm their way into jobs in the technology industry in the West by concealing their identities, according to the United Nations Security Council. That includes the crypto industry.
In 58 suspected cyberheists, North Korean hackers have stolen $3 billion worth of crypto assets in the last seven years, the council said in a recent 615-page report.
While it’s unclear how many of those thefts were perpetrated with the help of fake employees, experts fear the trend is just beginning.
That’s because it’s big business. The fake hiring scheme alone earns North Korea up to $600 million annually, the UN said.
“They have very limited amounts of resources they can sell to China,” Taylor Monahan, lead security researcher at crypto wallet MetaMask, told DL News. “So they generate revenue by doing things like illegally selling resources, IT work, hard labour, and hacking.”
New challenge
This development is a fresh challenge for an industry that is going mainstream. With the rollout of Bitcoin ETFs, Wall Street has embraced crypto as an asset class. DeFi stalwarts such as Solana and Aave are recording rising revenues and expanding their businesses.
The last thing crypto needs is an army of bogus job applicants as the industry scales up and demand for new hires jumps.
Ten of the largest crypto exchanges, including Coinbase and Binance, posted more than 1,200 new openings in May. Layoffs are also slowing.
According to data from Layoffs.fyi, the number of jobless people in crypto fell dramatically in the first quarter compared with the same period last year.
“Everyone I know is either working on another project or unavailable,” Zak Cole, co-founder of crypto venture studio NUMBER GROUP, told DL News. “How are we going to bring in new talent?”
The answer — cast a wider net.
AI search
Instead of turning to a formal recruiting agency, Cole and his co-founders used an artificial intelligence tool called Applicant AI to screen applicants. It uses AI to flag keywords in CVs that meet their criteria.
The results have been mixed. In a video interview with Number Group, one applicant who listed Dutch as their native tongue hung up when asked to speak in the language.
Another applicant’s GitHub profile — a LinkedIn for programmer types — was only created a month prior, even though they were applying for a senior-level developer role.
On another résumé, an applicant for a remote working position listed a state penitentiary in Texas as a home address.
When asked if they indeed lived in a prison, the applicant said, “Yes.”
Cole’s biggest concern was making sure applicants were who they said they were.
He said a pattern emerged as he sifted through them and set up interviews: Many refused to turn on their cameras.
Video calls
Often, what they said during interviews contradicted what was written on their CVs. In other words, they were lying.
“They all have the same kind of script,” said Cole. He said their backgrounds were also blurred if they appeared on camera and that they were calling from a room with other people in it.
Karolis Kundrotas, a crypto-industry consultant at the recruiting firm Durlston Partners, said many applicants are copying real LinkedIn profiles.
“It’s the exact same experiences, and it’s the exact same kind of education as a real person,” he said. “They’ve just added a couple of new roles to make it appear differently on LinkedIn search.”
Kundrotas said video calls are crucial, too, because you can see if the person is quickly reading additional information before answering.
An applicant did precisely this during one video call shared with DL News.
The applicant indicated a deep knowledge of non-fungible tokens and crypto games, but had never heard of “Axie Infinity,” one of the industry’s largest and most well-known games.
Naturally, this is a big red flag.
Shunning background checks
Besides being a massive waste of time, these fake applicants are also doing damage to a key pillar of crypto’s ethos.
Anonymity and pseudonymity are prized values in crypto. The tendency of project teams to shun background checks and work at breakneck startup speed makes them a prime target for illegitimate hiring schemes.
For this reason, Potts says that 95% of his clients have stopped hiring pseudonymous developers.
“People underestimate the low bar across a lot of crypto,” MetaMask’s Monahan said. “It’s actually not all that uncommon for a random project to hire someone to do some work and then level them up rapidly.”
That may be what North Korea’s sleeper applicants are counting on.
$60,000 monthly pay
Some undercover North Korean crypto employees earn as much as $60,000 monthly and hold multiple full-time and freelance jobs.
The higher earners get to keep 30% of their earnings and hand the rest to authorities in Pyongyang, according to the UN report.
That’s why startups must remain diligent.
“They will continue to flood job posting forums, create résumés, and go after crypto companies and projects as long as it’s effective,” said Monahan.
There is a geopolitical angle to their work as well.
Erin Plante, vice-president of investigations at Chainalysis, said there is evidence North Korea is partly funding its nuclear weapons programme by hacking crypto sites. The Lazarus Group, a North Korean hacking operation, raided the Ronin bridge for $540 million in 2022, according to Elliptic, the blockchain analytics firm.
In 2019, the US Treasury Department’s Office of Foreign Assets Control sanctioned Lazarus.
If North Korea is using bogus applicants as part of this programme, that’s a major issue, said Adam Zarzinski, CEO of blockchain analytics firm Inca Digital.
“There’s this quiet war happening,” Zarzinski, a former US Air Force judge advocate, told DL News.
Written by Liam J. Kelly.
Crypto Corner
Things don't look great. Crypto lost over $277B in total market cap between Aug. 3rd and 4th, with Bitcoin briefly dropping beneath $50K and Ethereum dropping as low as $2.1K. Where has this come from?
Concerns for a US (and even global) recession are prevalent, and the Japanese yen is facing significant volatility, substantially impacting the entire market. Jump’s exit from the crypto space has added to the tension. However, as of this morning, the U.S. non-manufacturing PMI for July exceeded expectations, prompting a reassessment of the likelihood of an immediate U.S. recession and contributing to the strong rebound we witnessed yesterday (Bitcoin, Ethereum, and Solana up ~8%, ~14%, and ~18% from their lows respectively).
While the environment remains uncertain and volatility is heightened, particularly during the summer months, history has shown that crypto often rewards those who take decisive action in challenging times.
Written by Karolis Kundrotas
Market Headlines
Citadel is not like other multistrategy hedge funds. Millennium aside, it has more assets than most. It also employs more people. But its people are a slightly different type.
Multi-billion dollar hedge funds now have a place for crypto in their long-term portfolios. The scale of financial and technical resources hedge funds are allocating to Bitcoin and other cryptocurrencies is something that the market has never seen before. New York-based Millennium Management poured nearly $2 billion into Bitcoin ETFs in the first quarter. Schonfeld, Point72, Elliott Investment Management L.P., and Sculptor Capital Management are among the hedge funds holding Bitcoin ETFs.
Jump Trading significantly contributed to the crypto market sell-off, and it could be looking to sell another $104 million worth of crypto, according to QCP Group. The crash to an over five-month low was mainly caused by Ether selling from Jump Trading Group and Paradigm VC, according to an Aug. 5 report by QCP Group, which wrote: “The immediate trigger in crypto seems to have been aggressive ETH selling from Jump Trading and Paradigm VC. The move was probably exacerbated by market makers scrambling to cut short gamma as front-end ETH volumes spiked more than 30% to 120%!”.