Non Cult Crypto News

Non Cult Crypto News

in

ZachXBT claims 21 North Korea crypto devs are making $500K a month

Onchain sleuth ZachXBT claims to have found a network of North Korean developers who have been working on dozens of crypto projects.

Own this piece of crypto history

Collect this article as NFT

COINTELEGRAPH IN YOUR SOCIAL FEED

Blockchain investigator ZachXBT says he’s uncovered evidence of a sophisticated network of North Korean developers that earn as much as $500,000 a month working for “established” crypto projects.”

In an Aug. 15 post on X, ZachXBT informed his 618,000 followers he believes a “single entity in Asia,” likely operating out of North Korea, is receiving $300,000 to $500,000 per month employing at least 21 workers to over 25 crypto projects.

Blockchain researcher ZachXBT claims to have found that 21 North Koreans using fake identities are working on dozens of crypto projects. Source: ZachXBT

“Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed,” ZachXBT said. 

“Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities.”

ZachXBT alleges this latest $1.3 million stolen by DPRK workers was laundered through a sequence of transactions, including transferring to a theft address and ending with 16.5 Ether (ETH) going to two different exchanges.

After further investigation into these devs, ZachXBT believes they are part of a much more extensive network.

Tracking multiple payment addresses, he found a cluster of developers receiving “$375,000 over the last month,” and previous transactions totaling $5.5 million, which flowed into an exchange deposit address from July 2023 to some time in 2024.

Related: ZachXBT flags Lazarus-linked addresses worth $61M

These payments were then linked to IT workers in North Korea, and an individual Sim Hyon Sop — who has been sanctioned by the Office of Foreign Assets Control (OFAC) for allegedly coordinating financial transfers that eventually ended up supporting North Korea’s weapons programs.

A cluster of developers ZachXBT believes to be North Koreans using fake identities have received $375,000 over the last month. Source: ZachXBT

ZachXBT says his investigation uncovered other payment addresses were closely linked to another OFAC-sanctioned individual, Sang Man Kim, who has been linked to DPRK-related cybercrime in the past. 

US law enforcement believes Kim is “involved in the payment of salaries to family members of Chinyong’s overseas DPRK worker delegations” and receiving $2 million in crypto for selling IT equipment to DPRK-affiliated teams in China and Russia.

ZachXBT also found instances of Russian Telecom IP overlaps among developers who claimed to be based in the United States and Malaysia. At least one of the workers “accidentally leaked their other identities on a notepad.”

Some of the devs he found were even placed by recruitment companies and in some cases, referred each other for work.

“A number of experienced teams have hired these devs so it’s not fair to them single as the ones to blame,” ZachXBT said. 

“Shortly after posting another project found out they had hired one of the DPRK IT worker (Naoki Murano) listed in my table and shared my post in their chat. Immediately within two minutes, Naoki left the chat and wiped his GitHub.”

Organizations linked to the Democratic People’s Republic of Korea (DPRK) are believed to be behind more than a few cyber attacks and other scams over the years. Its cybercrime modus operandi generally involves phishing, exploiting software flaws, cyber intrusions, private key exploits and in-person infiltration. It is understood some also work these jobs to generate a salary which is then sent back to the country. 

In 2022, the US Departments of Justice, State and Treasury issued a joint advisory warning about the influx of North Korean workers into various freelance tech jobs, especially crypto.

Arguably, the most infamous group linked to the hermit kingdom, the Lazarus Group, reportedly stole over $3 billion in crypto assets in the six years leading up to 2023.

Magazine: AI may already use more power than Bitcoin — and it threatens Bitcoin mining

This article first appeared at Cointelegraph.com News

What do you think?

Written by Outside Source

IMF execs float raising crypto mining electricity prices by 85%

Bitcoin sidechain creators tout new ‘permissionless’ version BitVM2

Back to Top

Ad Blocker Detected!

We've detected an Ad Blocker on your system. Please consider disabling it for Non Cult Crypto News.

How to disable? Refresh

Log In

Or with username:

Forgot password?

Don't have an account? Register

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

To use social login you have to agree with the storage and handling of your data by this website.

Add to Collection

No Collections

Here you'll find all collections you've created before.