Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
North Korean Devs Used Fake Identities to Steal From Crypto Project: ZachXBT

North Korean Devs Used Fake Identities to Steal From Crypto Project: ZachXBT

CryptopotatoCryptopotato2024/08/15 16:00
By:Author: Wayne Jones

ZachXBT reports North Korean IT workers infiltrated 25+ crypto projects, earning up to $500K monthly since June 2024.

Blockchain investigator ZachXBT has released information regarding North Korean developers who allegedly stole $1.3 million from a project’s treasury.

The theft was carried out when the devs, who had been hired using fake identities, injected malicious code into the system, which allowed the unauthorized transfer of funds.

ZachXBT Uncovers Crypto Workers Scheme

ZachXBT explained on X that the stolen funds were initially sent to a theft address and bridged from Solana to Ethereum through the deBridge platform. The funds, 50.2 ETH, were deposited into Tornado Cash, a crypto mixer that obscures transaction trails. After that, 16.5 ETH was transferred to two exchanges.

According to ZachXBT, since June 2024, North Korean IT workers have infiltrated over 25 crypto projects using multiple payment addresses. He noted that there could be a single entity in Asia, likely based in North Korea, receiving between $300,000 to $500,000 each month while employing at least 21 workers across different crypto projects.

Further analysis noted that before this case, $5.5 million had been funneled into an exchange deposit address tied to payments made to North Korean IT workers from July 2023 to July 2024. These payments were linked to Sim Hyon Sop, an individual sanctioned by the US Office of Foreign Assets Control (OFAC).

ZachXBT’s investigation looked deeper into the several errors and unusual patterns made by the malicious actors. There were IP overlaps between developers allegedly based in the US and Malaysia and accidental leaks of alternate identities during recorded sessions.

Following the incident, ZackXBT contacted the affected projects and advised them to review their logs and do more intensive background checks. He also noted several red flags that teams can monitor, such as referrals for roles from other developers, work history inconsistency, and highly polished resumes or GitHub profiles.

North Korean Cybercrime Surge

Meanwhile, groups linked to North Korea have long been associated with cybercrime. Their tactics often include phishing schemes, exploiting software vulnerabilities, unauthorized system access, private key theft, and even infiltrating organizations in person.

One of its most infamous organizations, Lazarus Group, allegedly stole over $3 billion in crypto assets from 2017 to 2023.

In 2022, the US government warned about the surging number of North Korean workers getting into freelance tech roles, especially those in the crypto sector.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

Shiba Inu Community Pushes Token Toward $0,001

HappyCoinNews2024/11/14 19:00

215 Arrested in South Korea’s $232M Crypto Scam

South Korean police have arrested 215 people for taking part in a massive crypto fraud scheme

Altcoinbuzz2024/11/14 19:00

BlackRock Launches BUIDL Fund on 5 Blockchains

BlackRock, the world’s largest asset manager, just took a big step in the crypto world

Altcoinbuzz2024/11/14 19:00