02. May 2025
North Korean Hackers Steal Millions With Phony Coding Tests
The Great Remote Coding Scam: How North Korea Stole Your Job
In the world of web security, hiring top talent is a constant challenge. Companies like C.Side, a startup based in London, rely on rigorous coding tests and interviews to find the best candidates for their positions. However, what started as a routine interview process quickly turned into a complex cybercrime operation that would have far-reaching consequences.
Thomas, a 25-year-old from rural Tennessee, was one of many job applicants who caught the attention of Simon Wijckmans, C_SIDE’s founder. On paper, Thomas looked perfect: he had studied computer science at the University of Missouri and claimed to be a professional programmer with eight years of experience. His resume and preliminary coding test were impressive, but what really stood out was his generic image as a background and his poor internet connection.
During their Google Meet interview, Wijckmans noticed that Thomas seemed more interested in discussing salary than the actual work or company operations. This odd behavior raised red flags, but Wijckmans didn’t think much of it at the time. After all, many candidates are eager to discuss compensation, right? However, what Wijckmans didn’t know was that Thomas was not who he claimed to be.
Fast forward a few days, and Wijckmans received another email from the same recruiter, this time with a new candidate’s information. The applicant’s name was Alex Chen, an Asian-American man based in the US. Like Thomas, Chen seemed more interested in salary than the job itself, and his virtual background looked like a basic office setting. Again, Wijckmans’ intuition told him that something was off.
It wasn’t until he went back over the job applications and coding tests that Wijckmans discovered the shocking truth: many of these applicants were using Virtual Private Networks (VPNs) to mask their true location. This was a common tactic used by cybercriminals to disguise their IP addresses and avoid detection.
As Wijckmans dug deeper, he realized that he had stumbled upon an audacious global cybercrime operation. These seemingly unassuming IT workers were being hired under false identities to work remotely for American and European companies, all to bankroll the government of North Korea.
Christina Chapman, a 44-year-old from Minnesota who lived in a trailer with her dogs and loved social justice content on TikTok, had received a recruiter’s note that changed her life: she was offered a job as a programmer at C.Side, despite having limited online experience. With the help of some friends on the ground, Chapman began to unravel the web of deceit surrounding this global scam.
As it turned out, Chapman’s recruiters were part of an elaborate network that funneled applicants from all over the world into CSIDE’s hiring pool. These recruits were paid minimal salaries for their work, with much of the money ending up in North Korea’s coffers. The scheme was so sophisticated that even Wijckmans’ friends and colleagues couldn’t believe it.
In February 2022, an investigative report by CNN revealed that C_SIDE had been a victim of this global scam. Thousands of remote workers from all over the world had been exploited, with many losing their savings or facing financial hardship as a result. The North Korean government was estimated to have gained millions of dollars from these transactions.
The story raises questions about the ease with which cybercrime operations can be set up and executed in today’s digital age. With the rise of remote work and online job platforms, there are more opportunities for scammers than ever before. As companies like CSIDE become increasingly reliant on global talent, they must take extra precautions to verify the identity and credentials of their applicants.
The experience highlighted the vulnerabilities of our increasingly digital world, where identity theft and online scams are becoming more common by the day. It also served as a reminder of the importance of due diligence when hiring remote workers.
For companies like CSIDE, the solution lies in implementing simple yet effective tools to prevent such scams. This can include verifying the social media profiles and online presence of potential applicants, conducting thorough background checks, and using AI-powered tools to detect suspicious activity.
In Chapman’s case, the recruiters’ scheme had left her with more than just financial loss. She had also lost trust in people she had never met and was forced to confront a new reality about the digital world. Yet, as she looked back on her experience, she realized that it had also given her a newfound appreciation for the power of technology and the importance of protecting ourselves from those who would seek to exploit it.
The Great Remote Coding Scam serves as a cautionary tale about the dangers of cybercrime and the importance of vigilance in our increasingly digital world. As we continue to navigate the complexities of remote work and online job platforms, we must remain vigilant and take extra precautions to protect ourselves from those who would seek to deceive us. By implementing effective security measures and being aware of the risks, we can prevent such scams in the future and ensure a safer digital landscape for everyone.