Crypto firms should never carelessly trust their engineers to upload code without an external review first, says JP Richardson, CEO of the self-custodial crypto platform Exodus.
He argued that this is essential to stop bad actors, who are becoming more sophisticated in tricking crypto firms into giving them jobs, from uploading malicious code to the firm’s software.
In an interview with Cointelegraph at Token2049 in Singapore, Richardson stressed the importance of having a second-layer team to review all engineers’ code before any updates or upgrades are made to a crypto firm’s software.
Richardson highlights that customers’ data must be the priority
“I think it really comes down to building a system so that if it does happen, god forbid, your customers are still safe,” the Exodus CEO said.
“That requires operational resilience in the business, so again, customers are not at risk,” he added.
He explained that Exodus reviews code from everybody, including its internal staff.
“Our security team reviews all the code to make sure that it’s still safe as opposed to, oh, we just trust this engineer is a really good engineer; we don’t need to review this code,” Richardson said.
Richardson’s comments came after he highlighted the rise in North Korean hackers fraudulently securing jobs at crypto firms by faking their identities.
“They’re both applying to companies or trying to get engineers at crypto companies to download fake resumes, fake malware to infiltrate these systems,” Richardson said.
Richardson says all code must be reviewed before being finalized
On Aug. 16, blockchain investigator ZachXBT claimed he uncovered evidence of a sophisticated network of North Korean developers that earn as much as $500,000 a month working for “established” crypto projects.
“Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed,” ZachXBT said. He explained that “Unbeknownst” to the firm, they had hired multiple DPRK IT “workers as devs who were using fake identities.”
Meanwhile, on Sept. 3, Cointelegraph reported that the FBI said North Korean malicious cyber actors were targeting workers at decentralized finance and cryptocurrency companies to steal funds through “complex and elaborate” social engineering campaigns.
Specifically, the federal agency warned that the scammers had researched firms associated with cryptocurrency-tied exchange-traded funds, or ETFs.