DPRK IT Workers in Open Source and Freelance Platforms
Contents
DPRK IT Workers Leveraging Open Source and Freelance Platforms
On February 9, 2025, we discovered a suspicious actor within the repository of a legitimate developer. Initially, we informed the developer about the potential malicious intent of one of his active committers. This led us into a two-month-long process of discovering additional North Korean actors, “PR Spammers” and experiencing the subpar vetting process present in one of the “Pay for PR” (freelance) platforms in Web3.
First of all, this article is a call to action for any protocol or platform employing remote workers and open source contributors, especially when payments are made in cryptocurrencies and where low to no KYC is performed. Secondly, it’s a warning: avoidance of the issue by the affected platform may have consequences beyond it. By harboring DPRK IT Workers, you are allowing their credibility to grow, their future infiltration to be more effective, and you are putting developers …
On February 9, 2025, we discovered a suspicious actor within the repository of a legitimate developer. Initially, we informed the developer about the potential malicious intent of one of his active committers. This led us into a two-month-long process of discovering additional North Korean actors, “PR Spammers” and experiencing the subpar vetting process present in one of the “Pay for PR” (freelance) platforms in Web3.
First of all, this article is a call to action for any protocol or platform employing remote workers and open source contributors, especially when payments are made in cryptocurrencies and where low to no KYC is performed. Secondly, it’s a warning: avoidance of the issue by the affected platform may have consequences beyond it. By harboring DPRK IT Workers, you are allowing their credibility to grow, their future infiltration to be more effective, and you are putting developers …
IoC
https://app.onlydust.com/projects/stellar-wallet/overview
https://github.com/hi-tech-AI
https://github.com/brightlystar0117
https://app.onlydust.com/projects/weaver
https://app.onlydust.com/projects/hackathon-bot
https://communityfund.stellar.org/dashboard/submissions/reccBR6CyNvbjqL2E
https://github.com/techeng322
https://github.com/cryptogru812
https://app.onlydust.com/projects/spotnet/overview
https://github.com/aidenwong812
https://github.com/lionstar259007
https://github.com/legendx0333
https://github.com/ImfanAi
https://github.com/StealthCoder1109
https://github.com/toptalhook
https://github.com/aidenwong812/ng-frontend-application-
https://github.com/codepert
https://github.com/kirbyAttack
https://github.com/SmileS-777
https://github.com/V0410
https://app.onlydust.com/projects/tansu/contributors
https://github.com/tupui/soroban-versioning
https://github.com/swdreams
https://github.com/SweetDream
https://app.onlydust.com/projects/starkcade
https://github.com/deeplus2021
https://app.onlydust.com/projects/trustless-work-/overview
https://github.com/billiedox
https://github.com/V0410/ng-frontend-application/commits/main/aidenwong812
https://github.com/bestselection18
https://app.onlydust.com/projects/spotnet
https://app.onlydust.com/projects/starknet-id
https://github.com/mymiracle0118
https://github.com/motokimasuo
https://app.onlydust.com/projects/starknet-quest
https://github.com/tranguixdev
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
23007375acb432a6aa318a79b8fb06fd8a229c29
63155ca917d07758c18cd270782c7d6219a4eae7
376dfa583a19a578974f4779fb6a8975b2a204fe
9562b9a7bb17488ac8203c66410e295f800a13eb
https://github.com/hi-tech-AI
https://github.com/brightlystar0117
https://app.onlydust.com/projects/weaver
https://app.onlydust.com/projects/hackathon-bot
https://communityfund.stellar.org/dashboard/submissions/reccBR6CyNvbjqL2E
https://github.com/techeng322
https://github.com/cryptogru812
https://app.onlydust.com/projects/spotnet/overview
https://github.com/aidenwong812
https://github.com/lionstar259007
https://github.com/legendx0333
https://github.com/ImfanAi
https://github.com/StealthCoder1109
https://github.com/toptalhook
https://github.com/aidenwong812/ng-frontend-application-
https://github.com/codepert
https://github.com/kirbyAttack
https://github.com/SmileS-777
https://github.com/V0410
https://app.onlydust.com/projects/tansu/contributors
https://github.com/tupui/soroban-versioning
https://github.com/swdreams
https://github.com/SweetDream
https://app.onlydust.com/projects/starkcade
https://github.com/deeplus2021
https://app.onlydust.com/projects/trustless-work-/overview
https://github.com/billiedox
https://github.com/V0410/ng-frontend-application/commits/main/aidenwong812
https://github.com/bestselection18
https://app.onlydust.com/projects/spotnet
https://app.onlydust.com/projects/starknet-id
https://github.com/mymiracle0118
https://github.com/motokimasuo
https://app.onlydust.com/projects/starknet-quest
https://github.com/tranguixdev
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
23007375acb432a6aa318a79b8fb06fd8a229c29
63155ca917d07758c18cd270782c7d6219a4eae7
376dfa583a19a578974f4779fb6a8975b2a204fe
9562b9a7bb17488ac8203c66410e295f800a13eb