朝鲜在加密领域有着深厚的根基

朝鲜开发人员参与了数量惊人的加密货币项目。

North Korean developers have been hired by a surprisingly large number of crypto projects.

数量惊人的加密货币项目雇用了朝鲜开发人员。

CoinDesk's Sam Kessler reported last week that developers and IT workers employed by the Democratic People's Republic of Korea – i.e. North Korea – have managed to get themselves hired by a number of crypto projects, giving them two different ways of raising funds for the national regime.

CoinDesk 的 Sam Kessler 上周报道称，朝鲜民主主义人民共和国（即朝鲜）雇用的开发人员和 IT 工人已成功受雇于许多加密货币项目，这为他们提供了两种不同的方式为国家政权筹集资金。

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

您正在阅读《加密状态》，这是一份 CoinDesk 时事通讯，关注加密货币与政府的交叉点。单击此处注册未来版本。

The narrative

叙事

CoinDesk reporter Sam Kessler found that more than a dozen different crypto companies and projects – including some well-known ones – inadvertently hired developers and IT workers from the Democratic People's Republic of Korea (aka North Korea), something that's troubling on a number of levels for these projects.

CoinDesk 记者 Sam Kessler 发现，十多家不同的加密货币公司和项目（包括一些知名的公司和项目）无意中雇佣了来自朝鲜民主主义人民共和国（又名朝鲜）的开发人员和 IT 工人，这在很多层面上都令人不安对于这些项目。

Why it matters

为什么这很重要

Being that North Korea is under heavy sanctions, hiring developers from the country would put a project in violation of U.S. law. It also seems clear that some of these employees enabled the projects they worked for to be hacked.

由于朝鲜受到严厉制裁，从该国雇用开发商将使项目违反美国法律。很明显，其中一些员工导致他们工作的项目遭到黑客攻击。

Breaking it down

分解它

This isn't a new problem when it comes to North Korean employees working for U.S. companies. In July, cybersecurity firm KnowBe4 published a blog post explaining how it accidentally hired a DPRK software engineer. A few months before that, an Arizona resident and four others were charged by prosecutors with helping DPRK IT workers land roles at U.S. companies.

对于为美国公司工作的朝鲜员工来说，这并不是一个新问题。 7 月，网络安全公司 KnowBe4 发表了一篇博文，解释了它如何意外聘用了一名朝鲜软件工程师。几个月前，一名亚利桑那州居民和其他四人被检察官指控帮助朝鲜 IT 工人在美国公司找到职位。

These employees send (or are forced to send) most of their paychecks to the regime, which in turn helps the DPRK continue its various activities. Projects that are compromised by vulnerabilities inserted by these employees also risk losing more funds to North Korea. It's not just a hypothetical concern; prosecutors have brought various charges alleging DPRK-affiliated IT workers were able to compromise companies.

这些雇员将大部分工资寄给（或被迫寄给）政权，这反过来又帮助朝鲜继续其各种活动。因这些员工插入的漏洞而受到损害的项目也面临着向朝鲜损失更多资金的风险。这不仅仅是一个假设的问题；而是一个问题。检察官提出了多项指控，指控与朝鲜有关的 IT 员工能够危害公司。

Sanctions concerns first: Any company that hires an employee based in North Korea violates U.S. sanctions law. It doesn't necessarily matter if this hiring was inadvertent – the companies can be prosecuted regardless.

首先是制裁问题：任何雇用朝鲜员工的公司都违反了美国制裁法。这种聘用是否是无意的并不一定重要——无论如何，这些公司都可能会被起诉。

Kessler reported that, so far at least, the U.S. government "has been lenient about bringing charges – on some level acknowledging that they were victims of, at best, an unusually elaborate and sophisticated type of identity fraud."

凯斯勒报告说，至少到目前为止，美国政府“在提出指控方面一直很宽容——在某种程度上承认他们充其量是一种异常复杂和复杂的身份欺诈类型的受害者。”

It's still something companies will have to pay closer attention to as they move forward, especially with crypto gaining increasing attention in recent months.

这仍然是公司在前进过程中必须更加密切关注的事情，尤其是近几个月来加密货币越来越受到关注。

Companies also need to be concerned with getting hacked by the DPRK, which again is not just a hypothetical concern. Axie Infinity is perhaps one of the most prominent examples of how easily hackers can steal funds from a crypto company after just a small mistake. Axie was hacked in March 2022, losing $625 million at the time. U.S. officials tied North Korean hacking group Lazarus to the theft a month later.

公司还需要担心被朝鲜黑客攻击，这又不仅仅是一个假设的问题。 Axie Infinity 或许是最突出的例子之一，说明黑客只需犯一个小错误就可以轻松地从加密货币公司窃取资金。 Axie 于 2022 年 3 月遭到黑客攻击，当时损失了 6.25 亿美元。一个月后，美国官员将朝鲜黑客组织 Lazarus 与这起盗窃案联系起来。

Several other projects were hacked after employing DPRK IT workers, Kessler reported, including Sushi Finance.

凯斯勒报道称，其他几个项目在雇用朝鲜 IT 员工后也遭到黑客攻击，其中包括 Sushi Finance。

Sam's entire report is worth your attention – I'm re-linking it here – and it would behoove companies to consider how to mitigate these kinds of risks moving forward.

萨姆的整个报告值得您关注——我在这里重新链接——公司有必要考虑如何减轻未来的此类风险。

Stories you may have missed

你可能错过的故事

This week

本星期

Wednesday

周三

Elsewhere:

别处：

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at nik@coindesk.com or find me on Twitter @nikhileshde.

如果您对我下周应该讨论的内容有想法或疑问，或者您想分享任何其他反馈，请随时发送电子邮件至 nik@coindesk.com 或通过 Twitter @nikhileshde 找到我。

You can also join the group conversation on Telegram.

您还可以加入 Telegram 上的群组对话。

See ya’ll next week!

下周见！

Edited by Harris Anzji Harris Anzji is a CoinDesk editor covering institutional crypto, Web3 and Layer 2. He previously worked at Blockworks and FX Street.

由 Harris Anzji 编辑 Harris Anzji 是一名 CoinDesk 编辑，涵盖机构加密货币、Web3 和 Layer 2。他之前曾在 Blockworks 和 FX Street 工作。

Nik De is managing editor for global policy and regulation at CoinDesk, where he covers the intersection of cryptocurrency and government, institutions and regulators. He also covers regulatory and legal developments in Web3 and digital assets broadly. Nik owns a small amount of bitcoin and ether.

Nik De 是 CoinDesk 全球政策和监管部门的执行编辑，负责加密货币与政府、机构和监管机构的交叉领域。他还广泛涵盖 Web3 和数字资产的监管和法律发展。 Nik 拥有少量比特币和以太币。

Our standards:Disclosure

我们的标准：披露

Please note that our privacy policy, terms of use, cookies and do not sell my personal information policies apply to CoinDesk.com, but not to third party sites. CoinDesk is fully owned by Digital Currency Group, which also owns and operates Genesis Trading, CoinDesk Indices, Luno, and Grayscale.

请注意，我们的隐私政策、使用条款、cookie 和不出售我的个人信息政策适用于 CoinDesk.com，但不适用于第三方网站。 CoinDesk 由数字货币集团全资拥有，该集团还拥有并经营 Genesis Trading、CoinDesk Indices、Luno 和 Grayscale。