A North Korean operative, posing as a Japanese developer named “Motoki,” inadvertently revealed ties to a broader network of cyber threat actors during a staged job interview designed to expose infiltration attempts within the cryptocurrency industry.

The sting operation was orchestrated by Heiner Garcia, a cyber threat intelligence expert at Telefónica, in collaboration with Cointelegraph. Garcia had been investigating a cluster of GitHub accounts linked to suspected North Korean operatives seeking freelance work in the crypto sector. His attention was drawn to Motoki’s profile, which unusually featured a human face photo—a rarity among North Korean state actors.

Garcia initiated contact with Motoki under the guise of a headhunter for a fictitious company. During the interview conducted on February 25, Motoki’s behavior raised suspicions. He repeatedly gave identical answers to different questions and failed to demonstrate proficiency in Japanese, despite claiming to be a native speaker. When prompted to introduce himself in Japanese, Motoki hesitated, appeared to search for a scripted response, and ultimately terminated the call abruptly.

Notably, during the interview, Motoki shared his screen, inadvertently exposing access to private GitHub repositories associated with “bestselection18,” a known alias for a seasoned North Korean IT infiltrator. This revelation provided concrete evidence linking Motoki to a larger network of operatives attempting to penetrate the crypto gig economy through platforms like OnlyDust.

Garcia’s findings underscore the sophisticated tactics employed by North Korean cyber actors, who leverage false identities and exploit remote work opportunities to infiltrate sensitive sectors. The incident highlights the critical need for rigorous vetting processes and heightened vigilance in the hiring practices within the cryptocurrency industry.

Binance co-founder Changpeng “CZ” Zhao envisions Bitcoin’s price soaring between $500,000 and $1 million during the current market cycle, attributing this potential surge to increased institutional adoption, government accumulation, and a more favorable U.S. policy stance toward cryptocurrencies.

In a recent interview with Rug Radio, CZ highlighted the impact of Bitcoin spot exchange-traded funds (ETFs) in attracting traditional institutional capital into the crypto market. He remarked, “There’s the ETFs. There’s this institutionalization of Bitcoin… it’s a positive in terms of price action, obviously. Our bags are up — not the alt‑coins as much, but at least Bitcoin is.”

CZ also pointed out that governments are increasingly participating in Bitcoin accumulation, citing examples like El Salvador and Bhutan. He noted that such governmental involvement not only boosts price action but also serves as strong validation for Bitcoin’s legitimacy.

Discussing the political landscape, CZ observed a significant shift in U.S. policy under a pro-crypto administration, suggesting that this change could encourage other nations to follow suit. He stated, “They’re smart enough to recognize that buying Bitcoin is a great move, and now other countries will have to follow.”

Addressing retail investors, CZ emphasized that they have had ample opportunity over the past 15 years to invest in Bitcoin. He implied that any current hesitation or delay in investment is a personal choice, given the longstanding availability of the asset.

A Russian-Israeli citizen, Alexander Gurevich, is set to be extradited to the United States to face charges related to the $190 million Nomad bridge hack that occurred in August 2022. Gurevich was arrested at Israel’s Ben-Gurion Airport on May 1 while attempting to board a flight to Russia. Authorities allege he exploited a vulnerability in the Nomad bridge, stealing approximately $2.89 million worth of tokens.

Following the initial breach, numerous copycat hackers exploited the same vulnerability, culminating in total losses of around $190 million. Prosecutors claim that Gurevich contacted Nomad’s Chief Technology Officer, James Prestwich, via Telegram under a false identity, admitting to the hack and expressing remorse. He reportedly returned about $162,000 to a recovery wallet set up by Nomad and discussed a potential 10% bounty for the stolen assets, but later demanded $500,000 for identifying the vulnerability.

The U.S. Department of Justice filed an eight-count indictment against Gurevich in August 2023, including charges of money laundering and transferring stolen property. The extradition request was formally submitted in December 2024. If convicted, Gurevich faces up to 20 years in prison. Israeli authorities believe he conducted the attack while in Israel, as he had returned to the country shortly before the exploit occurred.