JACK: I was doomscrolling on Twitter and I came across this tweet which was so remarkable that I just had to call the guy up who tweeted it to hear the story.
JON: I’m Jon Wu. I am head of growth at Aztec Network.
JACK: Aztec is a crypto company which aims to make your cryptocurrency usage more private, and to do that, you can use their system to move your money around. They sort of shield it so that you can move it around without anybody knowing that you’re doing that. But because their tool is catching on, a lot of people are using it and moving their money around through Aztec’s network, which means at any point, they’ve got control over quite a bit of their users’ money.
JON: Yes, so if you look at all the public dashboards, our smart contract holds about $15 million last I checked, although the market has come down a bit and we’ve had – again, depending on Eth price, but as of a couple weeks ago, $80 to $100 million of throughput. So, certainly a lot of value has moved through the system.
JACK: Now, Aztec is growing which means they’re hiring and have open positions, and Jon is the one who looks at resumes and does interviews to hire new people who work there.
JON: Yeah, that’s right. So, we get lots of inbound resumes all the time for our full-stack engineering roles and smart contract dev roles. I’m on the hiring team at Aztec. So, I got automatically assigned a resume that had already been internally reviewed and looked super legit. The person had a GitHub with a bunch of projects on it and had a resume with some things that I’d heard about like F2Pool. The name was Bobby Sierra.
JACK: [MUSIC] He set up a time to do an interview with Bobby Sierra, a remote one through video conferencing. Jon and Bobby both got on the video call.
JON: I immediately noticed that the person’s camera was off and that there was a little bit of latency, but also that there was just a lot of background noise, so just a bunch of chatter in the background.
JACK: Did you ask to turn the video on?
JON: I did, and he made some excuse about how he couldn’t do so. I talk to folks not infrequently who are uncomfortable on video, but it is one of the best tools that we have for validating identity. Bobby Sierra, again, not to be stereotypical, but it’s obvious on the face that Bobby Sierra is a Western name and this person had a heavy Korean accent. The way I was able to tell is I’m Asian too; I’m Taiwanese. I grew up in an immigrant community around New York, and some of my absolute best friends growing up were Korean. I spent a lot of time in Korean households, and I was like, this guy’s obviously Korean. I’ve heard an accent like this and some of the mannerisms a thousand times. Then I kind of flat-out asked him, where are you based? He said I’m based in Hong Kong. I’m like, that’s not what your resume says. Your resume says you’re based in Canada. Then he did this multiple times through the call, but then he would just mute me. He would just go on mute and then he would come back online and pretend like nothing happened.
JACK: Did you ask any technical questions that he knew? Like, did he know his chops about what you wanted him to know?
JON: No, absolutely not. He didn’t say almost anything coherent. [MUSIC] He kinda just kept repeating stuff like I’m an experienced blockchain developer or I’ve worked on many successful projects, I’ll bring you a lot of success. Of course, the infamous line from his cover letter was ‘the world will see a great result from my hands’, which was just so villainous-sounding as to be comical. So yeah, no, he really couldn’t answer any technical questions. Couldn’t even answer the basic questions of where he had worked previously.
The whole thing was super bizarre and he was just either unfazed or didn’t understand when I was pointing out red flags and inconsistencies. He was clearly spoofing someone’s legitimate resume and pretending to be them, like, had just downloaded it from an open resume site or a recruiting site. But it was when I was like hey man, it says here that you worked here at F2Pool. Tell me about F2Pool. If I were to recreate what he said, he literally was like, yeah, and then muted. I was like hey, are you there? I would say at least a minute or two minutes went by just silence on the other line.
I was like, no one does this. It doesn’t matter how incompetent you are. If you think about – there’s two axes I’m judging on this interview; are you competent or incompetent? That’s the standard interview framework. Like, am I gonna move you on to the next step or not? But the other one that you don’t consider usually when you talk to someone is like, is this person nefarious? It wasn’t until he kind of went dark for like, two minutes after being asked a really simple question, and then came back again with this renewed purpose, like pretending like that didn’t happen. Like, I want to work with you, I’m an experienced blockchain developer, I’ll make you successful, that I was like dude, something’s going on here.
It’s a scam, it’s a behavioral hack, and that’s when I hung up. Honestly, right when I left the call room, I shut the door to the call room, and I remember being in the office and I was like guys, I think I just interviewed a North Korean hacker. That was my intuition. My intuition – and it was biased from weeks of having observed it and reported on it, and I had already been covering some of these security hacks of really famous crypto individuals like Arthur0x and a lot of the coverage on Lazarus Group, so I was already primed to be thinking about this. So, between that, his undeniably Korean accent, and just how sketchy and scammy it was, that was kind of my intuition.
JACK: Jon was actually pretty spooked by this. I mean, if this was a North Korean, that’s a pretty close encounter, to be on a video call with him, to have this whole e-mail exchange, to be opening resumes and e-mail attachments. [MUSIC] He starts retracing his steps, trying to remember exactly how much he shared with this Bobby Sierra. Did he do any screen-sharing? How much did he explain about the company and what tech they use?
Jon was on high alert and feeling pretty disturbed by this. So, he tweeted the whole encounter.
JON: The tweet went super viral because, you know, frankly it was entertaining. Even when I was in the room, I was kinda laughing at myself. I was like, who is this guy? This is so crazy. You don’t have interviews like that ever, you know? You don’t ever have those. It’s rare to have an experience in your life where that’s just so surreal. You’re like, is this happening? Like, this person’s just making stuff up and their resume’s not consistent with their GitHub, is not consistent with their real name, and their quote, unquote real name is “Bobby Sierra” and his cover letter sign-off is ‘the world will see a great result from my hands’. So, it was just a funny thread and it just went super viral. It instantly got thousands of likes.
JACK: Some people were saying no, dude, this is typical; if you interview enough people for a while, there’s some really weird ones that just show up. So, Jon was starting to doubt that it was North Korea, but another crypto investor who had his digital assets stolen a little before this said it was definitely North Korea because he’s seen this before. So, Jon wasn’t sure again.
JON: But then yesterday, I think, this week, the US Treasury published a sixteen-page advisory on North Korean overseas IT workers. That advisory explained almost to the word the tactics that this guy Bobby Sierra was using on me.
JACK: This advisory from the US Treasury and the FBI says that North Korea has been trying to dispatch IT workers to work for companies all over the world remotely, posing as non-North Koreans. Some of these people, when they get hired, they don’t even do the work; they just hire a subcontractor to actually do the job that they were supposed to do. Once again, North Korea has flabbergasted me. I mean, what level of social engineering even is this, to try to get a job at the very place you want to rob, and it’s done by the world’s worst social engineer? It’s bold and ridiculous at the same time. One thing that seems clear from this is that the Lazarus Group is on a tenacious mission to steal crypto from people and places all over the world, and they’re pretty creative at coming up with new ideas on how to do it. [MUSIC] It’s almost like the Lazarus Group has a whole R&D department that cooks up ways to steal money.
