Nisos links DPRK IT worker employment fraud to active targeting of cryptocurrency companies, using a suspected operative who applied for a remote Lead AI Architect role as a case study. The investigation tied the applicant to stolen or appropriated U.S. identity details, inconsistent mailing information, Astrill VPN activity, a U.S.-based laptop farm, and an apparent network of at least 20 North Korean workers that had applied to roughly 160,000 roles. The article argues that crypto firms are primary targets because fraudulent hires can gain trusted access to source code, wallets, internal systems, and colleagues before monetizing that access or stealing assets. It also notes that document checks and automated identity verification can miss this threat because they validate paperwork more than the person and risk behind the candidate.