ZachXBT Uncovers 21 North Korean Devs Making $500,000 Monthly in Crypto Sector
Blockchain sleuth ZachXBT has uncovered a highly sophisticated network of North Korean developers earning up to $500,000 monthly working on established crypto projects.
ZachXBT shared this discovery with his 618,000 followers in an August 15 X post. The on-chain sleuth believes an Asian entity, likely operating from North Korea, receives between $300,000 to $500,000 monthly by sending workers to various crypto projects.
Notably, the entity employs at least 21 developers on over 25 crypto projects.
North Korean Crypto SchemeThe investigation took a significant turn when a team contacted ZachXBT for help after a malicious code in their project drained their treasury of $1.3 million.
Following some diggings, ZachXBT discovered that the team had unknowingly hired multiple North Korean IT workers who had used fake identities to secure the jobs.
These developers, who appear to be part of a more extensive network, managed to launder the stolen funds through a series of transactions. They ultimately moved 16.5 Ether to two separate exchanges.
ZachXBT's deep dive into this network revealed even more troubling connections. By tracking payment addresses, he identified several developers receiving substantial payments. Over the past month, they have already realized $375,000.
Further analysis showed that these payments totaled a staggering $5.5 million over several months. The investigation also traced the funds back to an exchange deposit address active from July 2023 to the present.
Moreover, these findings directly connected the payments to IT workers in North Korea and a man named Sim Hyon Sop.
Reports had it that the Office of Foreign Assets Control (OFAC) sanctioned Sop in April last year. This sanction came after Hyon Sop was found coordinating financial transfers that fund North Korea's weapons programs.
ZachXBT also uncovered links to Sang Man Kim, another OFAC-sanctioned individual with a history of involvement in DPRK-related cybercrime.
According to US law enforcement, Kim had been paying salaries to family members of DPRK worker delegations abroad.
Also, he has allegedly received $2 million in digital assets for successful transactions of IT equipment with the Chinese and Russian DPRK-affiliated teams.
Additional Layers of ConcernOne alarming aspect of the investigation was the discovery of overlaps of Russian Telecom IP addresses among developers posing as US and Malaysia residents.
In one case, a developer accidentally disclosed their other identity on a notepad, further exposing the deceitful practices used by these workers.
ZachXBT also noted that recruitment companies have hired some developers for these projects. Some referred each other for jobs, showing the depth of their penetration into the industry.
Notably, this network's ability to embed itself within legitimate crypto projects raises serious concerns about the industry's security.
ZachXBT emphasized that many experienced teams have unknowingly hired these North Korean developers, making it unfair to blame them for the breaches.
After ZachXBT posted his findings, another project quickly realized they had hired one of the DPRK IT workers listed in his report.
Within minutes of the discovery, the worker, who went by the codename Naoki Murano, left the project's chat and wiped their GitHub account clean.
This latest discovery by ZachXBT adds another layer to the ongoing concern about North Korea's aggressive tactics in the digital sector. It highlights the need for heightened vigilance and more robust safeguards within the crypto industry.
The post ZachXBT Uncovers 21 North Korean Devs Making $500,000 Monthly in Crypto Sector appeared first on The Tech Report.