北韓在加密領域有著深厚的根基

北韓開發人員參與了數量驚人的加密貨幣項目。

North Korean developers have been hired by a surprisingly large number of crypto projects.

數量驚人的加密貨幣項目僱用了北韓開發人員。

CoinDesk's Sam Kessler reported last week that developers and IT workers employed by the Democratic People's Republic of Korea – i.e. North Korea – have managed to get themselves hired by a number of crypto projects, giving them two different ways of raising funds for the national regime.

CoinDesk 的Sam Kessler 上週報道稱，朝鮮民主主義人民共和國（即朝鮮）僱用的開發人員和IT 工人已成功受僱於許多加密貨幣項目，這為他們提供了兩種不同的方式為國家政權籌集資金。

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

您正在閱讀《加密狀態》，這是一份 CoinDesk 時事通訊，關注加密貨幣與政府的交叉點。按一下此處註冊未來版本。

The narrative

敘事

CoinDesk reporter Sam Kessler found that more than a dozen different crypto companies and projects – including some well-known ones – inadvertently hired developers and IT workers from the Democratic People's Republic of Korea (aka North Korea), something that's troubling on a number of levels for these projects.

CoinDesk 記者Sam Kessler 發現，十多家不同的加密貨幣公司和項目（包括一些知名的公司和項目）無意中僱用了來自朝鮮民主主義人民共和國（又名朝鮮）的開發人員和IT 工人，這在很多層面上都令人不安對於這些項目。

Why it matters

為什麼這很重要

Being that North Korea is under heavy sanctions, hiring developers from the country would put a project in violation of U.S. law. It also seems clear that some of these employees enabled the projects they worked for to be hacked.

由於北韓受到嚴厲制裁，從該國僱用開發商將使該計畫違反美國法律。很明顯，其中一些員工導致他們工作的專案遭到駭客攻擊。

Breaking it down

分解它

This isn't a new problem when it comes to North Korean employees working for U.S. companies. In July, cybersecurity firm KnowBe4 published a blog post explaining how it accidentally hired a DPRK software engineer. A few months before that, an Arizona resident and four others were charged by prosecutors with helping DPRK IT workers land roles at U.S. companies.

對於為美國公司工作的北韓員工來說，這並不是一個新問題。 7 月，網路安全公司 KnowBe4 發表了一篇博文，解釋了它如何意外聘用了一名北韓軟體工程師。幾個月前，一名亞利桑那州居民和其他四人被檢察官指控幫助北韓 IT 工人在美國公司找到職位。

These employees send (or are forced to send) most of their paychecks to the regime, which in turn helps the DPRK continue its various activities. Projects that are compromised by vulnerabilities inserted by these employees also risk losing more funds to North Korea. It's not just a hypothetical concern; prosecutors have brought various charges alleging DPRK-affiliated IT workers were able to compromise companies.

這些員工將大部分工資寄給（或被迫寄給）政權，這反過來又幫助北韓繼續其各種活動。因這些員工插入的漏洞而受到損害的項目也面臨著向北韓損失更多資金的風險。這不只是一個假設的問題；而是一個問題。檢察官提出了多項指控，指控與北韓有關的 IT 員工能夠危害公司。

Sanctions concerns first: Any company that hires an employee based in North Korea violates U.S. sanctions law. It doesn't necessarily matter if this hiring was inadvertent – the companies can be prosecuted regardless.

首先是製裁問題：任何僱用北韓員工的公司都違反了美國制裁法。這種聘用是否是無意的並不一定重要——無論如何，這些公司都可能會被起訴。

Kessler reported that, so far at least, the U.S. government "has been lenient about bringing charges – on some level acknowledging that they were victims of, at best, an unusually elaborate and sophisticated type of identity fraud."

凱斯勒報告說，至少到目前為止，美國政府“在提出指控方面一直很寬容——在某種程度上承認他們充其量是一種異常複雜和複雜的身份欺詐類型的受害者。”

It's still something companies will have to pay closer attention to as they move forward, especially with crypto gaining increasing attention in recent months.

這仍然是公司在前進過程中必須更加密切關注的事情，尤其是近幾個月來加密貨幣越來越受到關注。

Companies also need to be concerned with getting hacked by the DPRK, which again is not just a hypothetical concern. Axie Infinity is perhaps one of the most prominent examples of how easily hackers can steal funds from a crypto company after just a small mistake. Axie was hacked in March 2022, losing $625 million at the time. U.S. officials tied North Korean hacking group Lazarus to the theft a month later.

公司還需要擔心被北韓駭客攻擊，這又不只是一個假設的問題。 Axie Infinity 或許是最突出的例子之一，說明駭客只需犯一個小錯誤就可以輕鬆地從加密貨幣公司竊取資金。 Axie 於 2022 年 3 月遭到駭客攻擊，當時損失了 6.25 億美元。一個月後，美國官員將北韓駭客組織 Lazarus 與這起竊案聯繫起來。

Several other projects were hacked after employing DPRK IT workers, Kessler reported, including Sushi Finance.

凱斯勒報導，其他幾個項目在僱用北韓 IT 員工後也遭到駭客攻擊，其中包括 Sushi Finance。

Sam's entire report is worth your attention – I'm re-linking it here – and it would behoove companies to consider how to mitigate these kinds of risks moving forward.

薩姆的整個報告值得您關注——我在這裡重新連結——公司有必要考慮如何減輕未來的此類風險。

Stories you may have missed

你可能錯過的故事

This week

本星期

Wednesday

週三

Elsewhere:

別處：

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at nik@coindesk.com or find me on Twitter @nikhileshde.

如果您對我下週應該討論的內容有想法或疑問，或者您想分享任何其他反饋，請隨時發送電子郵件至 nik@coindesk.com 或透過 Twitter @nikhileshde 找到我。

You can also join the group conversation on Telegram.

您也可以加入 Telegram 上的群組對話。

See ya’ll next week!

下週見！

Edited by Harris Anzji Harris Anzji is a CoinDesk editor covering institutional crypto, Web3 and Layer 2. He previously worked at Blockworks and FX Street.

由 Harris Anzji 編輯 Harris Anzji 是一名 CoinDesk 編輯，涵蓋代理商加密貨幣、Web3 和 Layer 2。

Nik De is managing editor for global policy and regulation at CoinDesk, where he covers the intersection of cryptocurrency and government, institutions and regulators. He also covers regulatory and legal developments in Web3 and digital assets broadly. Nik owns a small amount of bitcoin and ether.

Nik De 是 CoinDesk 全球政策和監管部門的執行編輯，負責加密貨幣與政府、機構和監管機構的交叉領域。他還廣泛涵蓋 Web3 和數位資產的監管和法律發展。 Nik 擁有少量比特幣和以太幣。

Our standards:Disclosure

我們的標準：揭露

Please note that our privacy policy, terms of use, cookies and do not sell my personal information policies apply to CoinDesk.com, but not to third party sites. CoinDesk is fully owned by Digital Currency Group, which also owns and operates Genesis Trading, CoinDesk Indices, Luno, and Grayscale.

請注意，我們的隱私權政策、使用條款、cookie 和不出售我的個人資訊政策適用於 CoinDesk.com，但不適用於第三方網站。 CoinDesk 由數位貨幣集團全資擁有，該集團還擁有並經營 Genesis Trading、CoinDesk Indices、Luno 和 Grayscale。