What is it like to have a “North Korean hacker” interview a blockchain engineer?

What is it like to have an engineer who is suspected to be a "North Korean hacker" come for an interview?

Privacy Agreement Jonwu, a staff member of aztecnetwork, has something to say. He met such an interviewer, and the interview process made him feel funny and scared, especially the sentence written by the interviewer, "the world will see the great result from my hands." It was so disarming. Who the hell would talk like that? Then this sentence was posted in Jonwu's Twitter profile, haha.

The following is Jonwu’s own statement:

First up, we at aztecnetwork are hiring and received a job application from “Bobby Sierra - Solidity Engineer” on @Greenhouse.

After the internal review, I was assigned an online interview.

Scan the resume.

Name: Bobby Sierra
Job: Solidity Engineer Location: Ontario Language: English and some Chinese

Experience: F2pool, with some DAO and NFT projects on the resume.

Remember this, it will be relevant later.

Then I looked at the cover letter and it started with: “I am a blockchain developer with 6+ years of experience.”

Then there's a bunch of vague information that's kind of generic bragging, but it's understandable that not everyone is good at writing a cover letter.

Finally, he wrote in his cover letter: "The world will see great results in my hands."

...

I immediately thought, this bastard sounds like a Bond villain.

I'm imagining a guy whose arm is actually a laser cannon and whose eyeballs are made of plutonium or something.

“The world will see great results in my hands”???

Who the hell talks like that in their right mind?

This was disturbing, so I went to look at his Github, and saw 12 commits in the last 12 months? That's not "great experience".

Additionally, these participating projects seem to be random:

• BoredBunnies

• PantherSwap

• MetaverseDAO

Whatever, I said to myself, Crypto is a weird and interesting space full of weird and interesting people! Look, maybe Bobby is just a weird guy.

Then, I started the interview!

Hi, this is Jon from Aztec, is this Bobby?

"Yes. This is...Bobby Sierra."

I observed a few things:

• His camera was off;

• 5+ people talking loudly in the background;

• A distinct Korean accent;

I asked him why it was so loud.

"Oh, I'm in the office."

WTF, but why are there 5 other people speaking a mix of Korean and English?

You may ask, how do I know he is Korean?

Hey, some of my best friends are Korean, so are very familiar with the Korean accent, but this is not the normal Korean-American or Korean-Canadian or any Korean accent.

"Bobby" certainly spoke English, but not regular English: stiff, formal, and at the same time almost unintelligible.

So, “Bobby, introduce yourself.

“I have participated in a lot of blockchain development and token issuance, and have many successful projects, very successful, and a lot of blockchain experience, all with very good results. Okay?”

Let's analyze it briefly:

1) The first part is fucking bullshit. I want to disqualify him from the interview just for this reason

2) “Okay”

The expression "Okay" convinced me that this guy was Korean. How did I know?

Because that’s the shit my friends’ moms would say before they gave me a piping hot bowl of pork rib soup.

"This is delicious. Eat it while it's cool, okay?"

Now the alarm bells are ringing. I know about the recent spate of North Korean hacking attacks.

I decided to dig further.

Where are you based, Bobby?

Bobby: “Based?”

That is, where are you now?

“Oh, Hong Kong.”

"Hong Kong? Where did you last work?"

"Oh, Ateke."

What is that?

"A German company, or a French company. I don't know."

Your resume says that you worked for F2pool, can you tell me about F2pool?

"Uh-huh, can you wait a moment?"

Then he put me on mute for 5 minutes.

When Bobb returned, it seemed like a new person.

"Hello, are you there?"

Yes, Bobby, I'm here.

“I’m an experienced blockchain developer and I want a new job. I’m very experienced and can bring value to your company. I want an engineering job now. Okay?”

Regardless of whether it was true or not, I hung up the phone.

We know that North Korean hackers like the Lazarus Group are attacking major protocols and individuals.

$600 million stolen from Ronin; Arthur0x, Mgnr, and countless other high-profile accounts hacked.

I don't know what the attack vector is.

• Let's download a corrupted .docx resume?

• Have someone share their screen and navigate to Metamask?

• Gain access to our codebase and push a malicious change?

I leave it to the internet to guess.

I actually have no idea if these guys are North Korean hackers. Bobby could just be a very incompetent guy, but every fiber of my being says that’s not the case.

Aside from the fear and amusement, I learned a lot from this strange interaction.

1) Our entire world is built on trust. If someone shows us their resume and Github, we believe it.
2) The risks of smart contracts are overestimated. Anything can be a vector for attack: recruitment, events, travel, etc.
3) Don’t download random attachments, isolate your wallet on your own machine, etc.

Later, "Bobby" updates his Github and it points to a brand new account, which now has more code commits.

I believe these people are learning, adapting, and getting smarter.

Thankfully, they can't fix how out of touch and incompetent they are.