CoinDesk found that more than a dozen crypto companies, including Cosmos Hub, Injective, ZeroLend, Fantom, Sushi and Yearn Finance, had unknowingly hired DPRK IT workers using fake identities, reference checks and GitHub work histories. The workers targeted remote roles in blockchain firms and, in several cases, companies that employed them later suffered hacks; CoinDesk linked some thefts, including Sushi's 2021 loss, to suspected DPRK workers on payroll. U.S. authorities warn the earnings can fund North Korea's weapons program, while employers face sanctions exposure and insider-risk problems when covert workers gain access to code and internal systems.