Cryptocurrency NewsNorth Korean IT Workers Linked to $1.3M Crypto Theft: ZachXBT Exposes Scheme

North Korean IT Workers Linked to $1.3M Crypto Theft: ZachXBT Exposes Scheme

By Thomas Daniels
North Korean IT Workers Linked to $1.3M Crypto Theft: ZachXBT Exposes Scheme
Get Airdrops and CryptoboxesGet Free Airdrops and Crypto boxesGet The Latest Cryptocurrency News First - Join Us In GoogleNewsRead us in Google NewsGet The Latest Cryptocurrency News First - Join Us In TelegramGet The Latest Cryptocurrency News First - Join Us In GoogleNews Join WhatsApp channel

Recent findings by cybersecurity expert ZachXBT have uncovered a sophisticated theft and laundering scheme involving North Korean IT workers posing as crypto developers. The operation, which led to the theft of $1.3 million from a project’s treasury, has exposed a network of over 25 compromised crypto projects active since June 2024.

ZachXBT’s investigation points to a single entity, likely operating out of North Korea, that has been receiving between $300,000 and $500,000 monthly by simultaneously infiltrating multiple crypto projects using fake identities.

The Theft and Laundering Scheme

The incident came to light when an anonymous project team sought ZachXBT’s assistance after $1.3 million was stolen from their treasury. Unaware, the team had hired multiple North Korean IT workers who used fake identities to join the project.

The stolen funds were quickly laundered through a series of complex transactions. These included transferring the funds to a theft address, bridging assets from Solana to Ethereum via deBridge, depositing 50.2 ETH into Tornado Cash, and eventually transferring 16.5 ETH to two different exchanges.

Mapping the Network

Further investigation revealed that these developers were part of a larger, organized network. ZachXBT traced multiple payment addresses, uncovering a cluster of 21 developers who collectively received approximately $375,000 in the past month alone.

This investigation also linked the current activities to previous transactions amounting to $5.5 million, which were funneled into an exchange deposit address between July 2023 and 2024. These transactions were connected to North Korean IT workers and Sim Hyon Sop, a figure already sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC). The investigation revealed concerning overlaps in IP addresses associated with Russian Telecom, even though the developers claimed to be based in the U.S. and Malaysia.

In one case, a developer inadvertently exposed other identities while being recorded, leading to further connections between payment addresses and OFAC-sanctioned individuals, including Sang Man Kim and Sim Hyon Sop. The investigation also highlighted the role of recruitment companies in placing these developers, adding another layer of complexity. Some projects employed at least three North Korean IT workers who referred each other, deepening the network’s infiltration.

Preventive Measures

ZachXBT emphasized that many experienced teams have unknowingly hired deceptive developers, making it unfair to solely blame the teams. However, there are several preventive measures that can help protect against such threats. These include:

  • Exercising caution when developers refer each other for roles.
  • Scrutinizing resumes and verifying KYC information thoroughly.
  • Asking detailed questions about developers’ claimed locations.
  • Monitoring for developers who reappear under new accounts after being fired.
  • Watching for a decline in performance over time.
  • Regularly reviewing logs for anomalies.
  • Being cautious of developers using popular NFT profile pictures.
  • Noting language accents that might suggest origins in Asia.

These steps are crucial for safeguarding crypto projects against similar threats in the future.

source

Get Airdrops and CryptoboxesGet Free Airdrops and Crypto boxesGet The Latest Cryptocurrency News First - Join Us In GoogleNewsRead us in Google NewsGet The Latest Cryptocurrency News First - Join Us In TelegramGet The Latest Cryptocurrency News First - Join Us In GoogleNews Join WhatsApp channel
Previous article
Over Half of Crypto Ads on Meta Are Scams
Next article
Xion Confirmed Airdrop – Important Update

Join us

13,690FansLike
1,625FollowersFollow
5,652FollowersFollow
2,178FollowersFollow
- Advertisement -

Coinatory is a news portal dedicated to providing the latest updates on cryptocurrency, blockchain, and mining. Our mission is to keep readers informed about the most significant and exciting developments in the crypto world, including updates on new coins as they emerge. We offer a comprehensive coverage of the technical details behind recent and upcoming changes and events in the cryptocurrency industry, enabling our readers to stay up-to-date with the latest trends and insights.

Disclaimer

At Coinatory, we stay at the forefront of modern trends by leveraging various AI tools for content creation, marketing, and other purposes. While these tools help us enhance our services and provide valuable insights, it is important to note that the information and content generated by AI may not always be perfect or fully accurate. We strive to ensure the highest quality and accuracy in all our offerings, but we recommend that users independently verify information and seek professional advice when necessary. Coinatory is not liable for any inaccuracies or errors resulting from the use of AI-generated content. By using our website, you agree to these terms and acknowledge the role of AI in our operations.