Key Takeaways
Blockchain sleuth ZachXBT has uncovered a sophisticated network of North Korean developers allegedly infiltrating established crypto projects to generate hundreds of thousands of dollars monthly.
ZachXBT alleges that a single entity in North Korea is orchestrating a massive operation. This wouldn’t be the first time that North Korean hackers have stolen millions of dollars through illicit crypto activity.
ZachXBT said that a single entity, likely based in North Korea, employs over 21 developers to work on more than 25 crypto projects, raking in between $300,000 and $500,000 per month. These developers often use fake identities to conceal their true origins.
The investigator alleges that a recent $1.3 million theft from a crypto project’s treasury can be traced back to a group of these North Korean developers, who inserted malicious code into the project’s system. The North Korean network then laundered the stolen funds through a series of complex transactions before ultimately securing them.
ZachXBT’s investigation further revealed that these developers are part of a broader operation, with payment addresses linked to the group receiving millions of dollars in recent months. The funds ultimately ended up in an exchange account.
The blockchain analyst also found connections between these developers and sanctioned individuals with known ties to North Korean cybercrime. Additionally, investigators discovered that several developers used fake locations and identities, with some even referring each other for job opportunities.
According to ZachXBT, these individuals employed a sophisticated array of deceptive tactics to evade detection. They often formed interconnected networks, referring colleagues for project roles and creating a facade of legitimacy. By meticulously crafting convincing but falsified resumes and GitHub profiles, they successfully infiltrated numerous crypto projects. To further obscure their identities, they provided forged identification during Know Your Customer (KYC) checks, bypassing through deception a control that is meant to be a critical security measure.
ZachXBT issued a stern warning to crypto projects, urging them to be hypervigilant for red flags indicative of potential infiltration. Employing multiple developers from the same network should raise immediate concerns.
Additionally, discrepancies between claimed locations and actual accents, abrupt declines in work quality, and the suspiciously rapid creation of new online accounts following termination are all potential indicators of malicious activity.
The scale of this operation is unprecedented. ZachXBT’s investigation suggests a highly organized criminal enterprise generating substantial profits. Estimates place the monthly earnings of a single Asian entity involved in this scheme between $300,000 and $500,000 through simultaneous engagements across over 25 projects, and the financial implications for the cryptocurrency industry are staggering.
North Korea’s involvement in cryptocurrency theft is increasingly evident. The latest crypto heist is just one piece of a larger puzzle outlined in the UN’s annual report, which details a staggering 58 cyberattacks attributed to Pyongyang since 2017. These attacks, targeting cryptocurrency services, are part of a broader strategy to fund the regime’s nuclear and ballistic missile programs.
The UN’s exposé underscores North Korea’s reliance on illicit activities. These include the smuggling of petroleum products, arms dealing, and the exploitation of overseas workers to circumvent international sanctions.
A confidential document from investigators has informed the UN that $147.5 million in stolen cryptocurrency was laundered through Tornado Cash by North Korea.
The revelation that North Korean cybercriminals laundered millions through Tornado Cash adds another layer of complexity to this issue. Given the recent conviction of Tornado Cash co-founder Alexey Pertsev, the UN’s findings could significantly impact the ongoing legal proceedings against the platform.