insider trading

In a report from Bloomberg, cybersecurity firm Mandiant has claimed that North Korean citizens are plagiarising online resumes and pretending to be from other countries as they attempt to fraudulently obtain remote, freelance employment at crypto firms.

The warning from Mandiant follows a similar alert issued by the US government in May that North Koreans were seeking to infiltrate tech companies for malicious purposes.

Fake Employees Aim to Aid Regime’s Fundraising

According to Mandiant researchers, North Korean citizens have been copying resumes found on professional networking websites such as LinkedIn and Indeed, claiming to have skills relevant to working on crypto projects.

In one case, a suspected North Korean applicant claimed to have published a whitepaper about the Bibox crypto exchange. In another, the applicant claimed to be a senior software developer at a blockchain consultancy firm.

Speaking to Bloomberg, Mandiant principal analyst Joe Dobson said the North Korean applicants were seeking to gain access that allowed them to influence an organisation’s direction:

It comes down to insider threats; if someone gets hired onto a crypto project and they become a core developer, that allows them to influence things, whether for good or not.
Joe Dobson, principal analyst, Mandiant

Fellow Mandiant analyst Michael Barnhart said a central objective for the North Koreans applying for these jobs was to gather insider information on emerging trends in the crypto market, which could allow the North Korean regime to benefit through illicit fundraising efforts to skirt Western sanctions:

These are North Koreans trying to get hired and get to a place where they can funnel money back to the regime.
Michael Barnhart, principal analyst, Mandiant

Mandiant said the North Korean applicants were mainly located in China and Russia, and presented themselves as being South Korean, Japanese and in some cases American.

North Korea’s Troubled History With Crypto

The North Korean regime has used crypto-based crime as a source of revenue for some time. According to Chainalysis, the regime stole almost US$400 million worth of crypto in 2021 alone – a staggering 2.4 percent of the nation’s total GDP.

In April this year, the regime-backed Lazarus hacking group was believed to have been behind the US$625 million hack of the Ronin Network.

In a related story, around the same time former Ethereum developer Virgil Griffith was sentenced to 63 months in prison and fined US$100,000 by a US Federal Court judge for illegally travelling to North Korea in 2019 to teach citizens how they could use crypto to evade US sanctions.

Three people, including a former Coinbase employee, have been charged with wire fraud conspiracy and wire fraud over an insider trading tip-off scheme that ran from June 2021 until April 2022, netting the accused over US$1.5 million in realised and unrealised profits.

These charges are the first to be brought against defendants in a cryptocurrency insider trading case and act as a reminder that crypto markets are subject to many of the same laws that govern traditional financial markets.

Employee Tips Off Brother and Friend to Coinbase Listings

The three individuals charged by the US Attorney’s Office are former Coinbase product manager Ishan Wahi, his brother Nikhil, and his friend Sameer Ramani.

It’s alleged that Ishan Wahi used his detailed knowledge of upcoming Coinbase asset listings to tip off Nikhil Wahi and Ramani, who then purchased large quantities of the assets just prior to the announcements of their listings and sold them for a profit shortly after the announcements.

It’s alleged the trio used this method on at least 14 separate occasions, trading at least 25 different cryptocurrencies. In an attempt to cover their tracks, Nikhil Wahi and Ramani created accounts at centralised exchanges in other people’s names and transferred their assets through multiple anonymous Ethereum accounts.

Speaking about the charges against the trio, Damian Williams, Attorney General for the Southern District of New York, said:

Today’s charges are a further reminder that Web3 is not a law-free zone. Just last month, I announced the first ever insider trading case involving NFTs, and today I announce the first ever insider trading case involving cryptocurrency markets. Our message with these charges is clear: fraud is fraud is fraud, whether it occurs on the blockchain or on Wall Street. And the Southern District of New York will continue to be relentless in bringing fraudsters to justice, wherever we may find them.
Damian Williams, US Attorney General, Southern District, New York

Twitter Post Helps Uncover Scheme

The beginning of the end for the insider trading scheme came on April 12 of this year when a Twitter user noted that an Ethereum wallet had bought hundreds of thousands of dollars’ worth of digital assets just 24 hours before their Coinbase listings were announced.

The wallet was subsequently found to be under the control of Ramani. Following this tweet, Coinbase opened an investigation into the matter and on May 11, Coinbase’s director of security operations emailed Ishan Wahi to tell him to appear for an in-person meeting at Coinbase’s headquarters in Seattle, Washington, on May 16.

On the evening of May 15, Ishan Wahi bought a one-way ticket to India, which was scheduled to depart the following morning, just before the meeting with Coinbase security. However, before he could board his flight Wahi was intercepted by law enforcement and prevented from leaving the country.

Each of the defendants has been charged with one count of wire fraud conspiracy and one count of wire fraud – each charge carries a maximum sentence of 20 years in prison.

Insider trading is an ongoing issue that undermines confidence in both regulators and markets. Last September, the head of product development for the NFT marketplace OpenSea resigned following allegations of insider trading, and questions were raised about the integrity of the US Federal Reserve following the resignation of two regional Fed presidents over insider trading allegations.