North Korean IT hackers countered: Shocking insider information exposed

CN
1 day ago

According to a screenshot from a North Korean IT worker's device, a small North Korean IT team associated with a $680,000 cryptocurrency hacking incident has been using Google products and even renting computers to infiltrate crypto projects.

Cryptocurrency investigator ZachXBT posted on the X platform on Wednesday, revealing rare insights into the internal activities of North Korean (DPRK) hackers. This information comes from "an anonymous source" who hacked into one of the members' devices.

Individuals linked to North Korea had previously launched a $1.4 billion attack on the cryptocurrency exchange Bybit in February and have siphoned millions of dollars from crypto protocols over the years.

Data shows that this small team of six North Korean IT workers shares at least 31 fake identities, ranging from obtaining government IDs and phone numbers to purchasing LinkedIn and Upwork accounts to disguise their true identities and secure cryptocurrency jobs.

One member reportedly interviewed for a full-stack engineer position at Polygon Labs, and other evidence indicates they prepared interview response scripts, claiming to have work experience with OpenSea and Chainlink.

Leaked documents show that North Korean IT workers secured positions as "blockchain developers" and "smart contract engineers" on freelance platforms like Upwork, then used remote access software like AnyDesk to complete work for unsuspecting employers. They also used VPNs to hide their locations.

Exports from Google Drive and Chrome profiles reveal they used Google tools to manage schedules, tasks, and budgets, communicated in English, and utilized Google's Korean-English translation tool. A spreadsheet shows that the IT workers spent a total of $1,489.8 on operational expenses in May.

North Koreans frequently use Payoneer to convert fiat currency into cryptocurrency for work, with one wallet address—"0x78e1a"—being "closely related" to a $680,000 exploit on the fan token market Favrr in June 2025, according to ZachXBT.

At that time, ZachXBT accused the project's chief technology officer, named "Alex Hong," and other developers of being disguised DPRK workers.

The evidence also provides insights into their areas of curiosity. One search inquired whether ERC-20 tokens could be deployed on Solana, while another sought information on top AI development companies in Europe.

ZachXBT urged crypto and tech companies to conduct more thorough investigations of potential employees, noting that many of these operations are not highly complex, but the large volume of applications often leads recruitment teams to become negligent.

He added that the lack of collaboration between tech companies and freelance platforms exacerbates this issue.

Last month, the U.S. Treasury took action, sanctioning two individuals and four entities involved in a North Korean-operated IT worker gang infiltrating crypto companies.
