North Korean hackers attempt to apply to CEX daily, forging a large number of resumes.

On August 13, CEX Chief Security Officer Jimmy Su stated that the exchange receives a large number of fake resumes every day, and that he is sure these resumes are written by potential North Korean attackers. In his view, state-level attackers from North Korea are the biggest threat facing companies in the crypto industry today. Su explained that North Korean attackers have been a problem throughout CEX's eight years of operation, but that their attack methods in the crypto field have recently escalated.

"Currently, the biggest threat to the encryption industry comes from state-level attackers, especially North Korea's Lazarus Group," Su added. "In the past two to three years, they have focused on the encryption field and have achieved considerable success in their actions." He also mentioned that "almost all major North Korean hacker incidents involve the assistance of a disguised employee in carrying out the attack."

State-level attackers from North Korea have two common attack methods: implanting malicious code in public NPM libraries and sending fake job offers to crypto practitioners. NPM (Node Package Manager) libraries, or packages, are collections of reusable code commonly used by developers. Attackers can copy these packages and insert a tiny line of malicious code, which may lead to serious consequences while the package keeps its original functionality. Even if the malicious code is discovered only once, it can gradually penetrate the system as developers build new features on top of it.

To guard against such risks, CEX must carefully review every line of code. Major crypto exchanges share security intelligence in Telegram and Signal groups to flag libraries that have been implanted with malicious code and newly emerging attack methods from North Korea.
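
As an added illustration (not code from CEX or from the article), the sketch below shows one way a team could act on a shared list of flagged libraries: it walks an npm lockfile and reports dependencies that appear on the list, lack an integrity hash, or whose hash differs from the one recorded at the last review. The package names, hashes, flagged-list format and the `auditLockfile` helper are all constructed assumptions.

```javascript
"use strict";
// Constructed sample data: package names, versions and hashes are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-exchange-service", version: "1.0.0" },
    "node_modules/example-left-helper": { version: "2.1.0", integrity: "sha512-CONSTRUCTED-A" },
    "node_modules/@example/codec": { version: "0.9.3", integrity: "sha512-CONSTRUCTED-B" },
    "node_modules/example-left-helper/node_modules/example-tiny-fmt":
      { version: "1.0.4", integrity: "sha512-CONSTRUCTED-C" },
    "node_modules/example-no-hash": { version: "3.0.0" },
  },
};
// Hypothetical shared intelligence: "name@version" entries peers marked as implanted.
const flagged = new Set(["example-tiny-fmt@1.0.4"]);
// Hypothetical hashes recorded when each dependency was last reviewed.
const reviewed = { "@example/codec@0.9.3": "sha512-CONSTRUCTED-REVIEWED" };

// Lockfile keys are install paths; the name follows the last "node_modules/".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

function auditLockfile(lock, flaggedIds, reviewedHashes) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link) continue; // skip the root project and workspace links
    const name = meta.name || nameFromPath(path);
    if (!name) continue;
    const id = `${name}@${meta.version}`;
    if (flaggedIds.has(id)) findings.push({ id, path, reason: "flagged" });
    if (!meta.integrity) {
      findings.push({ id, path, reason: "no-integrity" }); // nothing to verify the tarball against
    } else if (reviewedHashes[id] && reviewedHashes[id] !== meta.integrity) {
      // Same name and version but different contents, e.g. a copy with a line inserted.
      findings.push({ id, path, reason: "integrity-mismatch" });
    }
  }
  return findings;
}

for (const f of auditLockfile(sampleLock, flagged, reviewed)) {
  console.log(`${f.reason.padEnd(18)} ${f.id}  (${f.path})`);
}
```

Nested (transitive) dependencies are covered because the name is taken from the last `node_modules/` segment of each install path.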
