Amid yet another major hack blamed on North Korea-linked agents, some crypto builders have admitted to undergoing tests during developer interviews to ensure they are not North Korean agents.
The foolproof ‘Kim Jong-Un test’ for crypto developers
Once again, the Democratic People’s Republic of Korea (DPRK) is responsible for some action movie-like actions.
Following the attribution of the $285 million attack on the Drift Protocol on April 1 to UNC4736, a North Korea-affiliated state-sponsored hacking group, several crypto industry actors have turned to the social network X to share their fears and methods to combat what are essentially North Korean secret agents.
All details about the long-term social engineering, fake professionals, in-person conference meetings and compromised tools used in the attack can be accessed on a article from yesterday on our sister Bitcoinist’s website.
As incredible and hilarious as it may sound, the simplest strategy some of these builders have found is asking candidates to explicitly insult Kim Jong-Un, the head of the North Korean regime, during interviews.
Related reading
Crypto builders share evidence
Yesterday, Tanuki42, an independent blockchain security researcher, shared an actual video of a “North Korean IT worker stopped dead after being asked to insult Kim Jong Un.”
In the video, “Taro Aikuchi” could not only repeat after the interviewer that “Kim Jong-Un is a fat, ugly pig”: he was surprised and visibly nervous.
Here’s a video of a North Korean IT worker being stopped dead after being asked to insult Kim Jong Un.
It won’t work forever, but right now it’s a really effective filter. I have yet to meet anyone who can say it. https://t.co/8FFVPxNm8X pic.twitter.com/KXI5efMo5L
— tanuki42 (@tanuki42_) April 6, 2026
In another video shared by the security researcher, ‘Taro’ humorously tells him that he ‘knows North Korea well’, but then experiences very convenient connection issues when asked to say ‘Fuck Kim Jong-Un’.
The snippet I posted was actually round 2. Here is round 1 – I tell Taro that I am a North Korean security researcher, he tells me that he “knows North Korea well.” Mysterious connection issues when I say “Fuck Kim Jong Un”, which he apologizes for when he reconnects.😅 pic.twitter.com/M89KDDmASW
— tanuki42 (@tanuki42_) April 6, 2026
Later in the thread, Tanuki42 showed that the candidate had changed his Telegram account, deleted their chat and blocked him after the interview.
🚨@taroaikuchi just changed his Telegram handle @cryptotrading2150->@cryptodegen202 – he had already deleted our chat and blocked me 😭 pic.twitter.com/EcQedYyGG7
— tanuki42 (@tanuki42_) April 6, 2026
His X account and LinkedIn page have also disappeared.
Crypto investor and fund manager Jason Choi quoted Tanuki42’s thread to underscore the message, claiming that many crypto founders have shared with him that this test works.
Several crypto founders have told me they ran this test and it actually worked https://t.co/DIZHoZDZ0l
— Jason Choi (@mrjasonchoi) April 6, 2026
Crypto founder and RWA-focused builder Pav replied to Choi that he has used the tactic 2024, after he found himself interviewing a North Korean agent for a technical position in 2022.
been using this since 2024 and works like a charm https://t.co/nYWYIGxrAA
— Parv (@Parv_EP) April 6, 2026
Simon Wijckmans, another cybersecurity founder and product leader, also responded when Choi shared a clip from one of his own interviews with a candidate, “William Nation,” who did not say Kim Jong-Un is a dictator after Wijckmans asked him to do so.
Yes pic.twitter.com/Aht731yvRc
— Simon (@SimonWijckmans) April 6, 2026
Some Crypto Builders Remain Skeptical
Despite the overwhelming evidence, the insanity of the story still baffles disbelievers.
In another thread from a few days ago, Paolo Caversaccio, a Swiss-based engineer and entrepreneur who focuses on cryptography, privacy and security, shared one of his attempts to use the same Kim Jong-Un insult tactic to ensure he isn’t working with North Korean spies.
in the future, I’ll ask every third-party contributor to my repos for a nice Kim Jong Un insult; it’s an easy but powerful way to prevent the DPRK development code (and some of it is really good) from being merged (they will never get the approval to do this). this man passed… pic.twitter.com/Ms86or5GiP
— sudo rm -rf –no-preserve-root / (@pcaversaccio) April 4, 2026
He then entered into a discussion with longtime Ethereum ecosystem developer and founder Micah Zoltu about the actual effectiveness of the technique. But Caversaccio’s argument was compelling: he has been dealing with DPRK IT workers for more than three years.
After working with DPRK IT staff for over three years, I can confidently say that this filter is very strong. We will probably release some interviews with the DPRK publicly and link them here, they always fail with this question. You probably think my filter is random…
— sudo rm -rf –no-preserve-root / (@pcaversaccio) April 5, 2026
Implications for the market
Related reading
The real deal for traders right now isn’t guessing the next meme, but identifying which teams can defend against nation-state attackers.
Crypto has been in a phase for some time now where geopolitics, state-sponsored cyber operations and HR compliance are just as important as code audits. The North Korean infiltration risk is now a structural factor for the industry.
Taking this into account, traders should keep in mind that protocols with weak contributor controls, opaque multisigs or ad-hoc governance carry increased tail risk that markets will increasingly price down.
It is also advisable to look for projects that can demonstrate stronger operational security, incident response and KYC for critical functions, which can enjoy relatively stronger valuations and a more persistent TVL.
At the moment of writing, BTC trades for around $68k on the daily chart. Source: BTCUSDT on Tradingview.
Cover image of Perplexity. BTCUSDT chart from Tradingview.