Blockchain investigator ZachXBT revealed a complex network of North Korean developers allegedly raking in as much as $500,000 monthly by working on numerous crypto projects. At least 21 developers are involved in this cryptic activity, part of a larger revelation of how North Korea has infiltrated the world of cryptocurrencies. The team comprises skilled IT workers who have allegedly syphoned off millions of dollars through malicious code and fake identities. The implications of this discovery reach much further across the crypto world, as it suggests the need for more stringent crypto frameworks and security protocols. Experts believe that the Korean Government is saddled with the responsibility of bringing this illegal group to justice once the evidence is corroborated as fact.
The Investigation: Following the Crypto Trail
ZachXBT, a well-known on-chain expert, shared his findings with his 618,000 followers on X, saying a single actor in Asia who was almost certainly operating out of North Korea had syphoned off between $300,000 and $500,000 per month by hiring a team of no fewer than 21 employees. The workers were found to be actively contributing to more than 25 different crypto projects, using pseudonymous identities to conceal their actual affiliations.
The investigation began when a team contacted ZachXBT after noticing that malicious code had syphoned $1.3 million from their treasury. Further investigation revealed that the team had unknowingly hired multiple North Korean IT workers who had stolen the funds. It is one example of the much larger network ZachXBT believes is operating under the radar.
ZachXBT followed many payment addresses, which led him to identify a cluster of developers who received $375,000 in just the past month. Previous dealings with the same developers accounted for a further $5.5 million, funnelled into an exchange deposit address from July 2023 to 2024. These funds have since been traced back to IT workers based out of North Korea, particularly one individual named Sim Hyon Sop, whom OFAC sanctioned for allegedly coordinating financial transfers that support North Korea’s weapons programs.
North Korean Cybercrime: A Growing Threat
The revelations by ZachXBT add an entirely new dimension to the complex web of North Korean cybercrime. The Democratic People’s Republic of Korea has carried out several kinds of cybercrime, including phishing attacks, exploitation of software vulnerabilities, and infiltration of organisations. These are often conducted through state-sponsored groups such as the famous Lazarus Group, reportedly responsible for over $3 billion in crypto assets stolen in the six years to 2023.
ZachXBT’s research also discovered connections to another person, Sang Man Kim, whom OFAC had sanctioned earlier on charges of DPRK-related cybercrime. Kim, accused of paying salaries to relatives of North Korea’s overseas worker delegation, received $2 million in crypto for selling IT equipment to North Korean-linked teams living in China and Russia.
Some developers were placed by recruitment companies; others referred each other to jobs. ZachXBT discovered that some developers who claimed to be residents of the United States and Malaysia had overlapping Russian Telecom IPs. One of the developers even leaked other identities on a notepad, exposing how far the network could reach.
Conclusion: The Global Implications of North Korea’s Crypto Infiltration
Uncovering a North Korean network of crypto developers making $500,000 a month raises some profound questions regarding broader implications for global security and the integrity of the cryptocurrency industry. The revenues, allegedly funnelled back to North Korea, could finance programs related to that country’s controversial weapons development.
ZachXBT’s conclusions call for a manifold increase in vigilance and due diligence in hiring practices across the crypto space. As North Korea continues to exploit the anonymity and decentralisation of cryptocurrencies, organisations should set up effective security measures to prevent such infiltration. The global community must be alert to such threats, for the crypto revolution cannot be allowed to become an instrument for such nefarious state-sponsored activities.