Hackers associated with the Democratic People’s Republic of Korea (DPRK) have reportedly lost 46,300 XRP, worth approximately $121,000, after making a doltish error during a cryptocurrency transaction. The incident, which occurred on February 4, 2025, at around 14:04 UTC, was identified by crypto security sleuth ZachXBT on his Telegram channel.
According to ZachXBT, an account linked to the DPRK exploiters was attempting to deposit the stolen XRP into the OKX crypto exchange, but failed to include a crucial component: the destination tag.
Destination tags, mostly known as user IDs, help crypto exchanges identifying the recipient of a cryptocurrency transaction, particularly those that handle large volumes of transfers. Without this identifier, exchanges cannot determine which account the funds should be credited to. In this case, the DPRK sent the XRP to OKX, without including the destination tag.
DPRK loses thousands worth of XRP
The lost XRP is believed to have been stolen in a prior hack, part of the DPRK’s strategy of using cyberattacks to fund its operations. Blockchain transaction data shows the address received the stolen funds earlier today, at around 13:43 UTC. Two hours prior to making the error, the exploiters had made 18 successful transactions, all above 40,000 XRP.
On the XRP explorer transaction details page, OKX acknowledged it had received the funds but didn’t allocate them to any specific user. Without the tag, the crypto trading platform has no way of knowing which account the 46,363.3 XRP belongs to, and has asked the “senders” to contact customer care to solve the issue.
North Korea has long been accused of orchestrating cryptocurrency heists to bypass international sanctions and finance its regime. Over the years, the country’s hacking groups, such as the infamous Lazarus Group, have targeted exchanges, wallets, and decentralized finance (DeFi) platforms, amassing billions in stolen digital assets.
DPRK continue crypto hacking trend
According to a 2024 Chainalysis report cited by Bloomberg, digital criminals associated with North Korea were responsible for more than half of the $2.2 billion stolen from cryptocurrency platforms this year. Across 47 incidents, these groups took $1.34 billion, more than doubling the $660.5 million stolen in 20 incidents throughout 2023.
One of the tactics employed by these hackers, as revealed by ZachXBT, involves remote work opportunities. By posing as IT professionals, these cybercriminals gain access to sensitive data and proprietary systems within major corporations, and use their time in the companies to leak data to their accomplices, before finally making away with companies’ reserves.
1/ Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed.
Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities.
I then uncovered 25+ crypto projects with… pic.twitter.com/W7SgY97Rd8
— ZachXBT (@zachxbt) August 15, 2024
Additionally, hackers linked to North Korea’s Reconnaissance General Bureau have created fake employment websites to catch unsuspecting users. These sites then collect sensitive information from downloaded malicious software and expand Lazarus Group’s criminal reach.
On December 12, the US Department of Justice indicted 14 North Korean nationals for fraud and money laundering. Prosecutors claim that these citizens posed as remotely employed IT workers at American companies. In the end, they collectively earned over $88M through data theft and extortion schemes.
Cryptopolitan Academy: Are You Making These Web3 Resume Mistakes? – Find Out Here
Source: https://www.cryptopolitan.com/dprk-loses-46-3k-xrp-worth-121k-transaction/