Recent findings by ZachXBT show that a small team of North Korean IT workers, tied to a recent $680,000 crypto hack, has been using fake identities and mainstream technology to infiltrate crypto projects.
On Wednesday, crypto investigator ZachXBT revealed a rare inside look at a North Korean hacker group, after an anonymous source accessed one of their devices. The information indicated that the hacker group accessed Google resources, VPNs, and borrowed computers to execute their activities and cover their locations.
Fake Identities and Job Infiltration
The leaked information shows they used 31 bogus personas, including fabricated government IDs, phone numbers, and purchased LinkedIn and Upwork profiles.
They deployed these personas to secure positions like “blockchain developer” and “smart contract engineer” at some cryptocurrency firms. One of the members even went through an interview for a full-stack engineer position at Polygon Labs, while others created fictional work histories at OpenSea and Chainlink.
One spreadsheet in their Google Drive recorded $1,489.8 in expenses in May alone, covering fictitious accounts, VPNs, computer rentals, and AI subscriptions. They managed tasks, meeting schedules, and interview scripts in English, frequently relying on Google Translate. The group also used remote access software such as AnyDesk to work undetected.
Wider Crypto Theft Network
ZachXBT warns that while these operations aren’t highly sophisticated, they thrive because hiring teams overlook proper background checks. The U.S. Treasury has already sanctioned multiple individuals and entities linked to North Korea’s IT worker network.
This network has stolen millions from the crypto industry, including the high-profile $1.4 billion Bybit exchange hack earlier this year.
