Crypto Trust Crisis — The “Kim Jong‑Un Test” Is Exposing Secret North Korean Moles

Amidst yet another big hack attributed to North Korea-linked operatives, some crypto builders have confessed they are passing tests during interviews to developers to make sure they are not North Korean agents.

The Fool-Proof “Kim Jong‑Un Test” For Crypto Developers

Once again, the Democratic People’s Republic of Korea (DPRK) is responsible for some action movie-sounding moves. Following the attribution of the April 1st $285 million attack on Drift Protocol to UNC4736, a North Korea–aligned, state‑sponsored hacking group, multiple crypto industry actors have taken to the social network X to share their fears and methods to combat what essentially are DPRK secret agents. All details on the long‑term social engineering, fake professional personas, in‑person conference meetings and compromised tooling employed in the attack can be consulted on a yesterday’s article in our sister’s website Bitcoinist. Unbelievable and hilarious as it may sound, the most straightforward strategy some of these builders have found is asking candidates to explicitly insult Kim Jong-Un, North Korea’s regime head, during interviews.

Crypto Builders Share Proof

Yesterday, Tanuki42, an independent blockchain security investigator, shared an actual video of a “North Korean IT worker being stopped dead in their tracks upon being required to insult Kim Jong Un”. In the video, “Taro Aikuchi” wasn’t just unable to repeat after the interviewer that “Kim Jong-Un is a fat, ugly pig”: he was taken aback and visibly nervous.

Here is a video of a North Korean IT worker being stopped dead in their tracks upon being required to insult Kim Jong Un.

It won’t work forever, but right now it’s genuinely an effective filter. I’m yet to come across one who can say it. pic.twitter.com/KXI5efMo5L

— tanuki42 (@tanuki42\_) April 6, 2026 In a different video shared by the security investigator, “Taro” tells him amusingly that he “knows North Korea well”, but then experiences very convenient connection issues when is asked to say “Fuck Kim Jong-Un”. The clip I posted was actually round 2. Here’s round 1 – I tell Taro I’m a North Korea security researcher, he tells me he “knows North Korea well”. Mysterious connection issues when I say “Fuck Kim Jong Un”, which he apologises for on reconnecting.😅 pic.twitter.com/M89KDDmASW

— tanuki42 (@tanuki42\_) April 6, 2026 Later on the thread, Tanuki42 showed the candidate changed his Telegram handle, wiped their chat and blocked him after the interview. 🚨@taroaikuchi just changed his Telegram handle @cryptotrading2150->@cryptodegen202 – he’d already wiped our chat and blocked me 😭 pic.twitter.com/EcQedYyGG7

— tanuki42 (@tanuki42\_) April 6, 2026 His X account and LinkedIn page also disappeared. Crypto investor and fund manager Jason Choi quoted Tanuki42’s thread to echo the message, claiming that a lot of crypto founders have shared with him that this test works. Several founders in crypto have told me they ran this test and it genuinely worked

— Jason Choi (@mrjasonchoi) April 6, 2026 Crypto founder and RWA‑focused builder Pav replied to Choi saying that he has been using the tactic 2024, after he found out he was interviewing a DPRK agent for an engineering position in 2022. have been using this since 2024 and works like a charm

Some Crypto Builders Remain Sceptic

Despite the overwhelming evidence, the wackiness of the story still finds flabbergasted nonbelievers. On a different thread from a few days ago, Paolo Caversaccio, a Switzerland‑based engineer and entrepreneur focused on cryptography, privacy and security, shared one of his attempts to employ the same Kim Jong-Un insult tactic to make sure he is not working with North Korean spies.

going forward I will request from every external contributor to my repos a nice Kim Jong Un insult; it’s an easy but powerful way to prevent DPRK dev code (and some of them are really good) to be merged (they will never ever get the approval to do this). this guy passed it… pic.twitter.com/Ms86or5GiP

— sudo rm -rf –no-preserve-root / (@pcaversaccio) April 4, 2026 He then entered an argument with long‑time Ethereum ecosystem developer and founder Micah Zoltu regarding the actual effectiveness of the technique. But Caversaccio’s argument was compelling: he has been dealing with DPRK IT workers for more than three years. After dealing for more than 3 years with DPRK IT workers I can confidently claim this filter is very strong. We will probably release some DPRK interviews publicly at some and will link it here, they always fail with this question. You probably think my filter is some random…

— sudo rm -rf –no-preserve-root / (@pcaversaccio) April 5, 2026

Market Implications

The real deal for traders right now isn’t guessing the next meme, but identifying which teams can defend against nation‑state attackers. For a while now, crypto has been entering a phase where geopolitics, state‑sponsored cyber ops, and HR compliance are as important as code audits. North Korean infiltration risk is now a structural factor for the industry. Considering this, traders should remember that protocols with weak contributor vetting, opaque multisigs, or ad‑hoc governance present elevated tail‑risk that markets will increasingly price in. It is also advisable to look for projects that can prove stronger operational security, incident response and KYC for critical roles may enjoy relatively stronger valuations and more sticky TVL.

At the moment of writing, BTC trades for around $68k on the daily chart. Source: BTCUSDT on Tradingview.

Cover image from Perplexity. BTCUSDT chart from Tradingview.