PANews reported on November 24th, citing DL News, that Pablo Sabbatella, founder of Web3 auditing firm Opsek and a member of the Security Alliance (SEAL), revealed at the Devconnect conference that North Korean infiltration is far more extensive than imagined. He stated that 15% to 20% of crypto companies harbor North Korean infiltrators, and 30% to 40% of job applications may come from North Korean agents attempting to infiltrate. Due to international sanctions, most North Korean agents cannot directly seek employment, so they recruit remote workers globally, especially from developing countries like Ukraine and the Philippines, as cover. They require these workers to hand over their account credentials or allow them to remotely use their identities. The workers receive 20% of the earnings, while the agents take 80%.

North Korean agents also recruit Americans as "front-end" agents, posing as non-English speaking, Chinese interviewees to implant malware on their computers to obtain US IP addresses and bypass restrictions to access more content. Once hired, they are often retained long-term due to their diligence and lack of complaint. To identify them, one can ask for their opinions on Kim Jong-un; they are forbidden from speaking ill of him. Sabbatella claims that the cryptocurrency industry suffers from poor security, making founders vulnerable to social engineering attacks and their computers susceptible to malware infection.