For months, Cointelegraph took part in an investigation centered around a suspected North Korean operative that uncovered a cluster of threat actors attempting to score freelancing gigs in the cryptocurrency industry.
The investigation was led by Heiner Garcia, a cyber threat intelligence expert at Telefónica and a blockchain security researcher. Garcia uncovered how North Korean operatives secured freelance work online even without using a VPN.
Garcia’s analysis linked the applicant to a network of GitHub accounts and fake Japanese identities believed to be associated with North Korean operations. In February, Garcia invited Cointelegraph to take part in a dummy job interview he had set up with a suspected Democratic People’s Republic of Korea (DPRK) operative who called himself “Motoki.”
Ultimately, Motoki accidentally exposed links to a cluster of North Korean threat actors, then rage-quit the call.
Here’s what happened.
Suspected North Korean crypto spy posed as a Japanese developer
Garcia first encountered Motoki on GitHub in