North Korea’s Job Scam Proves Vetting Is Broken

“That Dev Looked Great—Until We Realised He Wasn’t Real”

I’ve spent years in crypto recruitment, combing through CVs, doing deep-dives into GitHub profiles, and thinking I could sniff out a dodgy candidate a mile off. But even seasoned recruiters are being fooled these days—North Korea’s job scam operations have shown just how sophisticated fake candidates can be, often slipping through layers of due diligence.

But North Korea’s job scam? That one hit different.

You’ve probably seen the headlines: fake devs from North Korea posing as freelance engineers, getting hired by Western crypto startups, and using their access to funnel millions back to the regime. These weren’t your average phishing scams—they passed video interviews, wrote solid code, and even engaged in Slack stand-ups.

This wasn’t just one or two firms being careless. This was systemic. And it confirmed what many of us in crypto hiring already suspected:

The vetting process is broken.

Fake Identities Are Way Too Easy to Miss

Let’s get this straight: the devs in North Korea’s job scam were not junior-level fakers. They had cloned LinkedIn profiles, spoofed IP addresses, deepfaked interviews, and even paid real engineers to sit for live coding tests.

When one of my clients brought me in to review a hiring pipeline, I spotted red flags immediately: GitHub accounts created in the last 6 months, no public commits, glowing references from suspicious email domains.

But here’s the problem—most hiring managers never check that deep. If a candidate ticks the skill boxes and shows up on time, they’re in.

In the remote-first world, that’s just not enough anymore.

Crypto Is the Perfect Target—and We’ve Made It Easy

Why is North Korea’s job scam happening in crypto more than anywhere else?

Simple. We move fast, hire globally, and often prioritise delivery over diligence. Many projects don’t even have HR departments—just a founder, a dev lead, and a Telegram group.

Remote-first and decentralised teams are amazing for agility. But without the proper checks? It’s like giving someone the keys to a vault and hoping they don’t peek inside.

I once worked with a DeFi startup that onboarded three engineers in the same month. None had background checks. Two had inconsistent resumes. One was a paid actor on Upwork.

It sounds wild, but when you’re launching a token next week, who has time for due diligence?

That culture has to change.

KYC for Employees? It’s Coming—And It Should Be

After North Korea’s job scam made global headlines, a few founders I know panicked. They started re-verifying everyone, cross-referencing nationalities, even rolling back access for recent hires.

Some are now asking: “Should we run KYC on employees like we do on users?”

Honestly? Yes.

We already verify contributors to DAOs. We already make token holders pass compliance. Why not treat our core team with the same level of scrutiny?

It doesn’t have to be invasive. A simple identity verification, IP check, and GitHub repo audit should be baseline.

I’ve started recommending services like Veriff and Persona to my clients—not just for compliance, but for peace of mind.

The Human Touch Still Matters

One of the scariest things about North Korea’s job scam is that it showed how easily automation can be fooled. AI-generated CVs. Pre-recorded interviews. Outsourced code tests.

You know what still works? A real conversation.

I’m talking about digging into a candidate’s story—asking them about their favourite side projects, their tech stack preferences, what they’d do differently in a past role. Real, human stuff.

That’s where fakers slip up. They know how to pass a test, but not how to sound genuinely curious.

If I had one takeaway for every crypto founder out there, it’s this: don’t outsource your gut instinct. Use it. Ask hard questions. Follow your curiosity.

We Can’t Afford to Get This Wrong Again

North Korea’s job scam isn’t just an embarrassing chapter—it’s a wake-up call.

We love to talk about decentralisation, borderless hiring, and the freedom to build anywhere. But that freedom comes with risk. And unless we overhaul how we vet, verify, and onboard talent, we’re inviting more than just inefficiency—we’re risking infiltration.

As someone who’s helped dozens of crypto teams scale, I’ll say this: security isn’t just a protocol thing. It starts with who you hire.

It’s time we treated recruitment with the same seriousness we give to smart contract audits.
