    Uncovering North Korean IT Workers in DeFi Scam

    August 16, 2024

    In decentralized finance (DeFi), scams and malicious actors can unfortunately be constant threats. ZachXBT, known for his investigative work uncovering crypto fraud, has once again exposed a massive, under-the-radar operation that had the audacity to infiltrate 25+ crypto projects. This time, the operation wasn’t merely a phishing scam or rug pull; it involved a sophisticated network of North Korean IT workers using fake identities to siphon millions from project treasuries.

    The Incident: A $1.3M Heist

    The drama unfolded when a team reached out to ZachXBT after $1.3M vanished from their treasury due to malicious code that had been pushed by their developers. Upon investigating, ZachXBT discovered that the team had unknowingly hired multiple North Korean IT workers disguised as developers with fake identities. These devs were no amateurs. They managed to exploit their trusted roles within the project to orchestrate the theft, leading to the following laundering scheme:

    1. Transfer $1.3M to a theft address
      (Address: 6USfQ9BX33LNvuR44TXr8XKzyEgervPcF4QtZZfWMnet)
    2. Bridge $1.3M from Solana to Ethereum via deBridge
    3. Deposit 50.2 ETH to Tornado Cash, a notorious Ethereum mixer
    4. Transfer 16.5 ETH to two separate exchanges

    But this wasn’t an isolated case. The investigation quickly grew as Zach uncovered an entire network of developers with ties to North Korea’s sanctioned entities, siphoning funds and working across multiple crypto projects.

    The Larger Network: 25+ Crypto Projects at Risk

    Further investigation revealed a more extensive operation that had been running since June 2024. ZachXBT managed to map out a cluster of payment addresses tied to 21 developers who were part of the same network. This cluster had processed around $375K in payments over the previous month.

    Through this network of DPRK-linked developers, over $5.5M had flowed into exchange deposit addresses between July 2023 and 2024. Among the names connected to these payments was Sim Hyon Sop, a figure under OFAC (Office of Foreign Assets Control) sanctions for his role in North Korea’s cyber activities.

    Funny But Disturbing Moments: Accidental Leaks and IP Overlaps

    While the investigation was a serious matter, it wasn’t without its moments of dark humor. For example, one of the devs accidentally leaked their multiple identities while being recorded, revealing the tangled web of fake personas. Additionally, ZachXBT found amusing overlaps in IP addresses: the devs supposedly based in the U.S. and Malaysia were actually using Russian Telecom services.

    More disturbingly, Zach discovered that the payment addresses of several of these devs were just a few hops away from notorious names like Sang Man Kim and Sim Hyon Sop, both under OFAC sanctions for their roles in North Korea’s malicious cyber activities.

    How Did They Do It?

    These devs didn’t merely worm their way into a single project; they were operating across multiple projects at once. Recruitment agencies helped place them into teams where they could exert influence and move funds. ZachXBT’s research uncovered that some of these developers were involved in more than 25 crypto projects simultaneously, raking in between $300K and $500K per month by using fake identities.

    Spotting the Red Flags: How to Protect Your Project

    As the crypto space grows, so do the complexity and sophistication of attacks. ZachXBT outlined a few tell-tale signs that teams should look out for when hiring developers, especially given this recent infiltration:

    1. Referral Networks: Be wary if a dev is highly recommended by other devs who all seem to know each other. These groups often refer one another into new roles to keep their network intact.
    2. Too Good to Be True Resumes: Excellent GitHub activity and attractive resumes are often masks for shady work histories. Don’t just rely on surface-level activity—ask probing questions.
    3. KYC with Fake IDs: These devs are often willing to submit to KYC (Know Your Customer) checks, but they submit fake identification in hopes that teams won’t dig deeper.
    4. Location Inconsistencies: Ask specific questions about the location they claim to be from. Fake identities often fail to hold up under close scrutiny.
    5. Swift Replacements: If one dev gets fired, another account might pop up almost immediately, claiming to be a new hire. This could be an indication of the same network trying to maintain control.
    6. Performance Declines: While these devs might initially perform well, they tend to underperform once embedded in the project, often after the first round of payments has been sent.
    7. Common Interests: They may have popular NFT profile pictures, often as part of a ruse to blend in with the broader crypto community.
    8. Accents and Communication Styles: While not definitive, many of these devs have a discernible Asian accent when communicating on calls, which could be a further indicator.

    No Conspiracy, Just Hard Facts

    If you’re one of the skeptics who think attributing every crypto scam to North Korea is a conspiracy, ZachXBT’s research proves otherwise. The evidence points to a single entity in Asia receiving between $300K and $500K per month by working at 25+ projects concurrently, all under fake identities.

    This operation showcases the growing threat that nation-state actors, particularly those from North Korea, pose to the decentralized finance sector. They are not just stealing crypto through hacks and phishing attacks but are now embedding themselves within projects to extract funds directly from the inside.

    Vigilance is Key

    ZachXBT’s latest investigation is a stark reminder of the dangers lurking in the DeFi space. As decentralized projects continue to innovate and grow, so too will the sophistication of bad actors looking to exploit the system. This case highlights the need for stricter vetting processes, enhanced due diligence, and continuous monitoring within the crypto community.

    The line between legitimate developer and cybercriminal is thinner than ever, and teams must remain vigilant to ensure they don’t become the next victim in a growing web of crypto fraud.

    Author Profile

    what the finance
    I have been writing articles about finance, the stock market and wealth management since 2008. I have worked as an analyst, fund manager and as a junior trader in 7 different institutions.