Following another major hack linked to North Korean operatives, some crypto developers have admitted they are using interview tests to ensure candidates are not North Korean agents. This so-called “Kim Jong-Un test” has emerged as a surprisingly straightforward tactic.
Once again, North Korea (the DPRK) is behind a series of dramatic, movie-like cyberattacks. After the April 1st $285 million attack on Drift Protocol was attributed to UNC4736, a state-sponsored North Korean hacking group, several figures in the crypto industry took to social media to share their concerns and methods for combating what are essentially DPRK secret agents. Details on the long-term social engineering, fake professional personas, in-person meetings, and compromised tools used in the attack were covered in a recent article on Bitcoinist.
As unbelievable and humorous as it sounds, the most direct strategy some builders have adopted is to ask candidates during interviews to explicitly insult Kim Jong-Un, North Korea’s leader.
Yesterday, Tanuki42, an independent blockchain security investigator, shared a video of what he described as a “North Korean IT worker being stopped dead in their tracks upon being required to insult Kim Jong Un.” In the video, a candidate using the alias “Taro Aikuchi” was not only unable to repeat the phrase “Kim Jong-Un is a fat, ugly pig” after the interviewer but was also visibly taken aback and nervous.
In another video shared by the investigator, “Taro” amusingly claims to “know North Korea well,” but then experiences sudden connection issues when asked to say “Fuck Kim Jong-Un.” Later in the thread, Tanuki42 showed that the candidate changed his Telegram handle, wiped their chat history, and blocked him after the interview. The candidate’s X account and LinkedIn page also vanished.
Crypto investor and fund manager Jason Choi referenced Tanuki42’s thread, stating that many crypto founders have told him this test is effective. Crypto founder Pav replied to Choi, saying he has been using the tactic since 2024 after discovering he had interviewed a DPRK agent for an engineering role in 2022. Simon Wijckmans, another cybersecurity founder, also shared a clip from his own interview where a candidate failed to call Kim Jong-Un a dictator when asked.
Despite this evidence, the unusual nature of the story still leaves some crypto builders skeptical and amazed.A few days ago, Paolo Caversaccio, a Swiss engineer and entrepreneur specializing in cryptography, privacy, and security, shared his method for ensuring he isn’t working with North Korean spies: he asks contributors to insult Kim Jong Un. He stated that going forward, he will request “a nice Kim Jong Un insult” from every external contributor to his repositories, calling it an easy but powerful way to prevent code from DPRK developers—some of whom are very skilled—from being merged, as they would never get approval to do so.
He later debated the technique’s effectiveness with longtime Ethereum developer Micah Zoltu. Caversaccio argued that his filter is strong, based on over three years of experience dealing with DPRK IT workers. He mentioned plans to release public interviews with these workers, noting they always fail this specific question.
For traders, the key issue is no longer just predicting the next meme coin, but identifying which teams can defend against nation-state attackers. The crypto space is increasingly influenced by geopolitics, state-sponsored cyber operations, and HR compliance, with North Korean infiltration now a structural industry risk. Protocols with weak contributor vetting, opaque multisignature setups, or ad-hoc governance may face higher tail risks that markets will likely factor in. Conversely, projects demonstrating strong operational security, incident response, and KYC for critical roles could see stronger valuations and more stable Total Value Locked (TVL).
As of this writing, Bitcoin is trading around $68,000.
Frequently Asked Questions
FAQ Crypto Trust Crisis The Kim JongUn Test
Basics Definitions
What is the Kim JongUn Test
Its a hypothetical scenario used to stresstest a cryptocurrency projects governance and security The test asks If Kim JongUn seized control of this projects core team or infrastructure could he manipulate it to steal funds or censor transactions If the answer is yes the project fails the test
What is a crypto trust crisis
A situation where users lose confidence in a cryptocurrencys security decentralization or governance often because hidden central points of failurelike a small group of developers or validatorscould be compromised or act maliciously
Why is it called the Kim JongUn Test
The name uses an extreme example of a hostile powerful actor to highlight risks Its not specifically about North Korea but about any scenario where a malicious entity could take over key parts of a crypto system
Why It Matters
Why should I care about this test
Because it reveals whether a cryptocurrency is truly decentralized or if its secretly controlled by a few people or entities Failing the test means your funds could be at risk from insider attacks hacking or government coercion
Whats the difference between decentralized in name and decentralized in practice
Many projects claim to be decentralized but actually rely on a small team for critical updates private keys or server control The test helps uncover if central points of failure exist behind the scenes
Does this only apply to North Korean threats
No It applies to any powerful adversarygovernments hackers corrupt insiders or competing projectsthat could exploit centralized control
Identifying Risks Problems
How can I tell if a project might fail the test
Look for red flags a small team with disproportionate control closedsource critical code centralized hosting for nodes a small validator set or unclear upgrade processes that rely on a few people
What are hidden North Korean operatives in this context
A metaphor for any hidden centralized control points or single points of failure within a projects structure that could be exploited by a malicious actorwhether theyre actual operatives rogue developers or compromised founders