Amid another major hack attributed to agents linked to North Korea, some cryptocurrency makers have admitted that they pass checks during interviews with developers to ensure they are not agents of North Korea.
Kim Jong-un’s Anti-Scam Test for Cryptocurrency Developers
Once again, the Democratic People’s Republic of Korea is responsible for some action-movie-like moves.
After attribution April 1: $285 million attack on Drift Protocol To UNC4736, a North Korean-allied and state-sponsored hacking group, several cryptocurrency industry actors took to the social network
All details on the long-term social engineering, fake professional personas, in-person conference meetings, and hacked tools used in the attack can be found at Yesterday’s article on our sister site Bitcoinist.
It may seem unbelievable and ridiculous, but the most obvious strategy some of these builders have found is to ask candidates to explicitly insult Kim Jong Un, the head of the North Korean regime, during interviews.
Related reading
Cryptocurrency creators share the guide
Yesterday, Tanuki42, an independent blockchain security investigator, shared a real video of “a North Korean IT worker who was stopped dead in his tracks when asked to insult Kim Jong Un.”
In the video, Taro Ikuchi was not only unable to repeat after the interview that “Kim Jong Un is a fat, ugly pig,” but was surprised and visibly nervous.
Here’s a video of a North Korean IT worker being stopped dead in his tracks when asked to insult Kim Jong Un.
This won’t work forever, but for now it’s a really effective filter. I have yet to find anyone who can say that. https://t.co/8FFVPxNm8X pic.twitter.com/KXI5efMo5L
– Tanuki42 (@tanuki42_) April 6, 2026
In a different video shared by the security investigator, Taro amusingly tells him that he “knows North Korea very well,” but then has very comfortable communication problems when asked to say, “Fuck Kim Jong Un.”
The clip you posted was actually the second round. Here’s Round 1 – I told Taro that I was a North Korean security researcher, and he told me that he “knew North Korea very well.” Mysterious connection issues when I say “Fuck Kim Jong Un”, which he apologizes for when I call back.😅 pic.twitter.com/M89KDDmASW
– Tanuki42 (@tanuki42_) April 6, 2026
Later in the thread, Tanuki42 showed that the candidate changed his Telegram account, deleted the chat and blocked him after the interview.
🚨@taroaikuchi He just changed his Telegram handle @cryptotrading2150->@cryptodegen202 -He already deleted our chat and blocked me 😭 pic.twitter.com/EcQedYyGG7
– Tanuki42 (@tanuki42_) April 6, 2026
His X account and LinkedIn page also disappeared.
Cryptocurrency investor and fund manager Jason Choi quoted Tanuki42 to reiterate the message, claiming that a lot of crypto founders have told him that this test works.
Many cryptocurrency founders have told me that they ran this test and it actually worked https://t.co/DIZHoZDZ0l
— Jason Choi (@mrjasonchoi) April 6, 2026
Crypto founder and RWA-focused builder Pav responded to Choi saying he was using the tactic in 2024, after… He discovered that he was interviewing with a DPRK agent for an engineering position in 2022.
I have been using this since 2024 and it works like a charm https://t.co/nYWYIGxrAA
– Parv (@Parv_EP) April 6, 2026
Simon Wickmans, another cybersecurity founder and product lead, also responded to Choi sharing a clip from one of his own interviews with the William Nation candidate, who failed to say Kim Jong Un is a dictator after being asked to do so by Wiekmans.
Yes pic.twitter.com/Aht731yvRc
– Simon (@SimonWijckmans) April 6, 2026
Some cryptocurrency creators remain skeptical
Despite the overwhelming evidence, the absurdity of the story continues to find non-believers stunned.
In a different thread a few days ago, Paolo Caversaccio, a Swiss-based engineer and entrepreneur focused on encryption, privacy, and security, shared one of his attempts to use the same insult tactic on Kim Jong Un to make sure he’s not working with North Korean spies.
From now on, I will require every external contributor to my agreements to insult Kim Jong Un; It’s an easy but powerful way to prevent DPRK development codes (some of which are really good) from being merged (they’ll never get approval to do so). This man passed… pic.twitter.com/Ms86or5GiP
— sudo rm -rf –no-preserve-root / (@pcaversaccio) April 4, 2026
He then got into an argument with long-time Ethereum developer and founder, Mika Zolto, regarding the actual effectiveness of this technology. But Caversaccio’s argument was convincing: he has been dealing with IT workers in the DPRK for more than three years.
After dealing for more than 3 years with IT workers in DPRK, I can confidently claim that this filter is very powerful. We will probably publish some interviews with the DPRK publicly and link them here, as they always fail to answer this question. You might think my filter is a bit random…
— sudo rm -rf –no-preserve-root / (@pcaversaccio) April 5, 2026
Market effects
Related reading
The real deal for traders right now is not to guess the next picture, but to determine which teams can defend against nation-state attackers.
For some time now, cryptocurrencies have entered a phase where geopolitics, state-sponsored cyber operations, and human resources compliance have become as important as code audits. North Korean infiltration risks are now a structuring factor for the industry.
Given this, traders should remember that protocols with weak shareholder vetting, ambiguous multi-signatures, or ad hoc governance represent high tail risks that markets will increasingly price out.
It is also advisable to look for projects that can demonstrate stronger operational security, incident response, and KYC for critical roles that may have relatively stronger valuations and a more consistent TVL.
At the moment of writing, BTC trades for around $68k on the daily chart. Source: BTCUSDT on Tradingview.
Cover image by Perplexity. BTCUSDT chart from Tradingview.
