Crypto teams adopt Kim Jong-Un test to block North Korean agents
Crypto teams adopt a “Kim Jong‑Un test” in interviews. Goal: filter suspected DPRK operatives after a $285M exploit.
Founders say they ask candidates to verbally insult North Korea’s leader on calls. Several claim DPRK IT workers refuse and freeze.
The trigger was the April 1 attack on Drift, a protocol on Solana, attributed to DPRK‑aligned UNC4736 by NewsBTC. Tactics cited include fake personas, long‑run social engineering, and compromised tooling, detailed by Bitcoinist.
Security researcher Tanuki42 posted interview clips showing a candidate freezing when asked to insult Kim Jong‑Un. He says the filter “works right now.” Video 1. Video 2. He later noted the candidate wiped chats and changed handles here.
Investor Jason Choi wrote that “several founders” told him the test worked for them source. Builder Parv says he has used it since 2024 after interviewing a suspected DPRK agent in 2022 post. Cybersecurity founder Simon Wijckmans shared his own clip of a candidate refusing to call Kim “a dictator” video.
Not everyone is convinced. Engineer Paolo Caversaccio showed a similar test on contributors and argued it’s a “very strong” filter based on three years dealing with DPRK IT workers thread 1, thread 2.
What investors track now
- Nation‑state infiltration risk cited as structural for crypto, per shared founder commentary and post‑mortems details.
- Teams are adding contributor vetting and HR checks alongside audits, reflecting lessons from the Drift exploit source.
