Amidst yet another big hack attributed to North Korea-linked operatives, some crypto builders have confessed that they are giving developers tests during interviews to make sure they are not North Korean agents.
Once again, the Democratic People’s Republic of Korea (DPRK) is responsible for some action movie-sounding moves.
Following the attribution of the April 1st $285 million attack on Drift Protocol to UNC4736, a North Korea–aligned, state‑sponsored hacking group, multiple crypto industry actors have taken to the social network X to share their fears and their methods for combating what are essentially DPRK secret agents.
All details on the long‑term social engineering, fake professional personas, in‑person conference meetings and compromised tooling employed in the attack can be found in yesterday’s article on our sister website Bitcoinist.
Unbelievable and hilarious as it may sound, the most straightforward strategy some of these builders have found is asking candidates to explicitly insult Kim Jong-Un, North Korea’s regime head, during interviews.
Crypto Builders Share Proof
Yesterday, Tanuki42, an independent blockchain security investigator, shared an actual video of a “North Korean IT worker being stopped dead in their tracks upon being required to insult Kim Jong Un”.
In the video, “Taro Aikuchi” wasn’t just unable to repeat after the interviewer that “Kim Jong-Un is a fat, ugly pig”: he was taken aback and visibly nervous.
In a different video shared by the security investigator, “Taro” tells him amusingly that he “knows North Korea well”, but then experiences very convenient connection issues when he is asked to say “Fuck Kim Jong-Un”.
Later in the thread, Tanuki42 showed that the candidate changed his Telegram handle, wiped their chat and blocked him after the interview.
His X account and LinkedIn page also disappeared.
Crypto investor and fund manager Jason Choi quoted Tanuki42’s thread to echo the message, claiming that a lot of crypto founders have shared with him that this test works.
Crypto founder and RWA‑focused builder Pav replied to Choi saying that he has been using the tactic since 2024, after he found out he was interviewing a DPRK agent for an engineering position in 2022.
Simon Wijckmans, another cybersecurity founder and product leader, also replied to Choi, sharing a clip from one of his own interviews with a candidate, “William Nation”, who failed to say that Kim Jong-Un is a dictator after Wijckmans asked him to do so.
Some Crypto Builders Remain Sceptical
Despite the overwhelming evidence, the wackiness of the story still finds flabbergasted nonbelievers.
In a different thread from a few days ago, Paolo Caversaccio, a Switzerland‑based engineer and entrepreneur focused on cryptography, privacy and security, shared one of his attempts to employ the same Kim Jong-Un insult tactic to make sure he is not working with North Korean spies.
He then got into an argument with long‑time Ethereum ecosystem developer and founder Micah Zoltu regarding the actual effectiveness of the technique. But Caversaccio’s argument was compelling: he has been dealing with DPRK IT workers for more than three years.
Market Implications
The real deal for traders right now isn’t guessing the next meme, but identifying which teams can defend against nation‑state attackers.
For a while now, crypto has been entering a phase where geopolitics, state‑sponsored cyber ops, and HR compliance are as important as code audits. North Korean infiltration risk is now a structural factor for the industry.
Considering this, traders should remember that protocols with weak contributor vetting, opaque multisigs, or ad‑hoc governance present elevated tail‑risk that markets will increasingly price in.
It is also advisable to look for projects that can prove stronger operational security, incident response and KYC for critical roles, as they may enjoy relatively stronger valuations and stickier TVL.


