
Crypto Sleuth Uncovers $1.3M Crypto Heist by North Korean Devs Using Fake Identities

Published August 16, 2024 11:00 AM
Giuseppe Ciccomascolo

Key Takeaways

  • Crypto Sleuth ZachXBT uncovered a network of North Korean developers infiltrating crypto projects to earn hundreds of thousands monthly.
  • The crypto sleuth said North Korean hackers are responsible for a recent $1.3 million theft from a crypto project’s treasury.
  • North Korea has established a well-structured cybercrime network targeting the cryptocurrency industry.

Blockchain sleuth ZachXBT has uncovered a sophisticated network of North Korean developers allegedly infiltrating established crypto projects to generate hundreds of thousands of dollars monthly.

ZachXBT alleges that a single entity in North Korea is orchestrating a massive operation. This wouldn’t be the first time that North Korean hackers have stolen millions of dollars in illicit crypto activities.

ZachXBT Revelation

ZachXBT said that a single entity, likely based in North Korea, employs over 21 developers to work on more than 25 crypto projects, raking in between $300,000 and $500,000 per month. These developers often use fake identities to conceal their true origins.

The investigator alleges that a recent $1.3 million theft from a crypto project’s treasury can be traced back to a group of these North Korean developers. These hackers inserted malicious code into the project’s system. The North Korean network laundered the stolen funds through a series of complex transactions before ultimately securing them.

Entities involved in crypto heists. | Credit: ZachXBT

ZachXBT’s investigation further revealed that these developers are part of a broader operation, with payment addresses linked to the group totaling millions of dollars in recent months. The funds ultimately ended up in an exchange account.

The blockchain analyst also found connections between these developers and sanctioned individuals with known ties to North Korean cybercrime. Additionally, investigators discovered that several developers used fake locations and identities, with some even referring each other for job opportunities.

How the Crypto Heist Works

According to ZachXBT, these individuals employed a sophisticated array of deceptive tactics to evade detection. They often formed interconnected networks, referring colleagues for project roles and creating a facade of legitimacy. By meticulously crafting convincing but falsified resumes and GitHub profiles, they successfully infiltrated numerous crypto projects. To further obscure their identities, these individuals provided forged identification during Know Your Customer (KYC) processes. KYC is a critical security measure, but one that their deception often bypassed.

ZachXBT issued a stern warning to crypto projects, urging them to be hypervigilant for red flags indicative of potential infiltration. Employing multiple developers from the same network should raise immediate concerns.

Crypto heist explained. | Credit: ZachXBT

Additionally, discrepancies between claimed locations and actual accents, abrupt declines in work quality, and the suspiciously rapid creation of new online accounts following termination are all potential indicators of malicious activity.

The scale of this operation is unprecedented. ZachXBT’s investigation suggests a highly organized criminal enterprise generating substantial profits. Estimates place the monthly earnings of a single Asian entity involved in this scheme between $300,000 and $500,000 through simultaneous engagements across over 25 projects. The financial implications for the cryptocurrency industry are staggering.

North Koreans’ Previous Hacks

North Korea’s involvement in cryptocurrency theft is increasingly evident. The latest crypto heist is just one piece of a larger puzzle outlined in the UN’s annual report, which details a staggering 58 cyberattacks attributed to Pyongyang since 2017. These attacks, targeting cryptocurrency services, are part of a broader strategy to fund the regime’s nuclear and ballistic missile programs.

The UN’s exposé underscores North Korea’s reliance on illicit activities. These include the smuggling of petroleum products, arms dealing, and the exploitation of overseas workers to circumvent international sanctions.

A confidential document from investigators has informed the UN that $147.5 million in stolen cryptocurrencies were laundered through Tornado Cash by North Korea.

The revelation that North Korean cybercriminals laundered millions through Tornado Cash adds another layer of complexity to this issue. Given the recent conviction of Tornado Cash co-founder Alexey Pertsev, the UN’s findings could significantly impact the ongoing legal proceedings against the platform.
