North Korean Devs Behind $1.3M Crypto Theft from Over 25 Projects

ZachXBT, an on-chain blockchain investigator, has uncovered a complex crypto scam that resulted in the theft of $1.3 million from a project’s treasury. The breach was traced back to malicious code inserted by developers who were later identified as North Koreans, working for the regime while using fake identities. This discovery has sparked concern in the crypto community, highlighting serious security risks that many projects may face.

1/ Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed.
Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities.
I then uncovered 25+ crypto projects with… pic.twitter.com/W7SgY97Rd8
— ZachXBT (@zachxbt) August 15, 2024

One of the affected teams contacted ZachXBT for help, unaware that they had unknowingly hired North Korean developers. These developers had spent time creating convincing profiles, posing as legitimate candidates.

Their deception was so effective that they were able to integrate into the project’s development team, where they inserted code that enabled the theft.

The Scam Runs Deeper: 25 More Projects Targeted

ZachXBT’s investigation revealed that over 25 other crypto projects had unknowingly hired similar developers. Between July 2023 and 2024, these developers received $5.5 million in payments. The funds were traced to addresses connected to individuals on the OFAC sanctions list, including notorious figures such as Sim Hyon Sop and Sang Man Kim.

4/ Prior to this $5.5M flowed into an exchange deposit address with payments DPRK IT workers were receiving from July 2023 – 2024 and connections to Sim Hyon Sop who is OFAC sanctioned.
0x8f0212b1a77af1573c6ccdd8775ac3fd09acf014 pic.twitter.com/dfWpS77GwJ
— ZachXBT (@zachxbt) August 15, 2024

Key Warnings for Crypto Projects

During his investigation, ZachXBT identified several warning signs for teams to look out for when hiring developers. These include candidates who share contacts for job referrals, provide fake resumes with forged work experience, and use fraudulent IDs during the KYC process.

One entity in Asia is reportedly making between $300K and $500K per month by managing over 25 contracts simultaneously. The scale and coordination of this operation underline the need for project teams to carefully review KYC details and thoroughly vet potential hires to protect themselves from future losses.

Also Check Out: Weekly Crypto Hack Report: Largest Incidents and Financial Losses

Is this just the tip of the iceberg? As the crypto industry grows, so do the threats.

Source: https://coinpedia.org/news/crypto-hack-alert-north-korean-devs-behind-1-3m-crypto-theft-from-over-25-projects/