$1.3M Crypto Heist Exposes Massive North Korean Developer Network: ZachXBT
A recent investigation by crypto sleuth ZachXBT has revealed a large-scale infiltration of crypto projects by developers linked to North Korea.
The investigation began after a team reported a $1.3 million theft from their treasury. This led to the discovery of a much broader network of compromised projects.
Key findings:
- 25+ crypto projects identified with connections to North Korean developers.
- Approximately $375,000 paid to these developers in the past month.
- Historical payments of $5.5 million traced to sanctioned individuals.
- Complex laundering process involving cross-chain transfers and mixers.
ZachXBT’s investigation uncovered a cluster of 21 developer payment addresses. He revealed recent transactions totaling about $375,000 over the last month. Further analysis linked these activities to individuals on the Office of Foreign Assets Control (OFAC) sanctions list, including Sim Hyon Sop.
ZachXBT reveals the tactics used by these crypto devs
According to ZachXBT, these individuals used several tactics to avoid detection. They usually refer each other for roles within projects, present convincing but falsified resumes and GitHub activity, and submit fake IDs during Know Your Customer (KYC) processes.
ZachXBT stated that projects should be cautious of red flags, such as multiple developers from the same network applying for positions.
The on-chain sleuth also urged projects to watch for discrepancies between claimed locations and accents, a sudden decrease in performance quality, and the quick creation of new accounts after termination.
The scale of this operation is significant: estimates suggest a single entity in Asia receives between $300,000 and $500,000 monthly from simultaneous engagements across more than 25 projects.