Decentralized Systems Vulnerable to North Korean Cyber Attacks
For years, North Korean hacking groups have targeted the crypto industry. The $625 million Ronin bridge exploit in 2022 served as an early warning, but the threat has since evolved. In 2025, North Korean-affiliated attackers have been linked to multiple campaigns aimed at draining value and compromising key Web3 players: credential-harvesting campaigns targeting $1.5 billion in assets at Bybit, with millions of dollars subsequently laundered, and malware attacks on MetaMask and Trust Wallet users. They have also attempted to infiltrate exchanges through fake job applicants and have established shell companies in the US to target crypto developers.

The reality is that the weakest link in Web3 is not smart contracts but human operational vulnerabilities. Nation-state attackers no longer need zero-day vulnerabilities in Solidity; they target the operational weaknesses of decentralized teams: poor key management, non-existent onboarding processes, and unvetted contributors pushing code from personal laptops. Across the more than 600 audits Oak Security has conducted in major ecosystems, the same gap appears consistently: teams invest heavily in smart contract audits but neglect basic operational security. The result is predictable: inadequate security processes lead to compromised contributor accounts, governance capture, and preventable losses. The assumption that a protocol is secure because its code has passed an audit is not only naive but dangerous. Smart contract exploits are no longer the preferred method of attack; attackers now target the people running the system. Many DeFi teams have no dedicated security lead and manage enormous treasuries without anyone formally accountable for operational security.
OPSEC failures are not limited to state-sponsored attacks; insider bribery and human error have led to incidents such as the Coinbase data breach, which left the company facing $180-$400 million in remediation and an unresolved ransom situation. The vulnerabilities are systemic: contributors are commonly onboarded via Discord or Telegram without identity checks, structured provisioning, or secure devices. Code changes are pushed from unvetted laptops with little or no endpoint security or key management in place. Sensitive governance discussions unfold in unsecured tools such as Google Docs and Notion, without audit trails, encryption, or proper access controls. When something goes wrong, most teams have no response plan, no designated incident commander, and no structured communication protocol. This is not decentralization; it is operational negligence.

TradFi institutions, which are also frequent targets, operate on the assumption that attacks are inevitable and build layered defenses to reduce their likelihood and to limit the damage when one succeeds. They maintain a culture of constant vigilance that DeFi lacks. In traditional finance, employees do not access trading systems from personal laptops; devices are hardened and continuously monitored, and access controls and segregation of duties ensure that no single employee can unilaterally move funds or deploy production code. Onboarding and offboarding are structured, and credentials are issued and revoked with care. Web3 needs to adopt the same maturity, adapted to the realities of decentralized teams. That starts with enforcing operational security playbooks from day one, running red-team simulations that test for phishing, infrastructure compromise, and governance capture, and using multi-signature wallets backed by individual hardware wallets or treasury management.
Teams should vet contributors and perform background checks on anyone with access to production systems or treasury controls. Some projects are starting to lead in this area, investing in structured security programs and enterprise-grade tooling for key management. However, these practices remain the exception, not the norm. Decentralization is no excuse for negligence; nation-state adversaries understand this ecosystem and are already inside. The global economy is increasingly reliant on on-chain infrastructure, and Web3 platforms urgently need to employ and adhere to disciplined cybersecurity practices to avoid becoming a permanent funding stream for hackers and scammers. Code alone will not defend us; culture will.