Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
North Korean developers are building a crypto empire for $500,000 a month.
Blockchain researcher discovered a network of developers from North Korea who earn up to $500,000 a month working on projects in the cryptocurrency industry. ZachXBT assumes that North Korea is behind the activities of specialists.
According to ZachXBT, the development team consists of at least 21 employees who work on more than 25 crypto projects. The researcher also said that he was recently approached by one of the projects with a request for help. The project sounded the alarm after $1.3 million was stolen from the budget due to the introduction of malicious code. As it turned out, the affected team, unaware of this, hired several North Korean IT workers who used fake identities.
Fake documents of North KoreanIT specialists
Further investigation revealed that the stolen $1.3 million was laundered through a chain of transactions that included the transfer of funds to the attackers ' address and ended with the transfer of 16.5 ETH to 2 different exchangers. ZachXBT concluded that developers are part of a much broader network.
Analyzing several payment addresses, the researcher found a group of developers who received $375,000 in the last month, and the total amount of transactions for the period from July 2023 to the beginning of 2024 was $5.5 million. The funds were transferred to a deposit address on a cryptocurrency exchange, which further strengthened ZachXBT's suspicions about the involvement of North Korean IT workers.
The investigation also revealed links to a certain Sim Hyun-sop, who is under US sanctions for coordinating financial transfers that are aimed at financing North Korea's weapons program. Other payment addresses were linked to another sanctioned person, Sang Man Kim, who is linked to North Korean cybercrime.
Some of the developers were hired through recruitment agencies and sometimes recommended each other for the job. The researcher also noted that the developers were hired by several experienced teams, so it is unfair to put the blame only on them.
An example of this was the case when a representative of one of the crypto projects discovered that he had hired a developer from North Korea named Naoki Murano. After information about this spread in the work chat, Murano left the chat and deleted his GitHub profile within two minutes.
Companies associated with the DPRK have been suspected of numerous cyber attacks and fraudulent schemes in recent years. Recall that in early August, 38-year-old Matthew Isaac Knuth was arrested in the United States on charges of helping North Korean IT specialists get remote work in American companies. The arrested man created conditions for specialists from North Korea, using fake data, to impersonate US citizens. The most well — known group associated with the DPRK is Lazarus Group, which stole over $2 billion in cryptocurrency assets over 6 years (as of April).
Source
Blockchain researcher discovered a network of developers from North Korea who earn up to $500,000 a month working on projects in the cryptocurrency industry. ZachXBT assumes that North Korea is behind the activities of specialists.
According to ZachXBT, the development team consists of at least 21 employees who work on more than 25 crypto projects. The researcher also said that he was recently approached by one of the projects with a request for help. The project sounded the alarm after $1.3 million was stolen from the budget due to the introduction of malicious code. As it turned out, the affected team, unaware of this, hired several North Korean IT workers who used fake identities.
Fake documents of North KoreanIT specialists
Further investigation revealed that the stolen $1.3 million was laundered through a chain of transactions that included the transfer of funds to the attackers ' address and ended with the transfer of 16.5 ETH to 2 different exchangers. ZachXBT concluded that developers are part of a much broader network.
Analyzing several payment addresses, the researcher found a group of developers who received $375,000 in the last month, and the total amount of transactions for the period from July 2023 to the beginning of 2024 was $5.5 million. The funds were transferred to a deposit address on a cryptocurrency exchange, which further strengthened ZachXBT's suspicions about the involvement of North Korean IT workers.
The investigation also revealed links to a certain Sim Hyun-sop, who is under US sanctions for coordinating financial transfers that are aimed at financing North Korea's weapons program. Other payment addresses were linked to another sanctioned person, Sang Man Kim, who is linked to North Korean cybercrime.
Some of the developers were hired through recruitment agencies and sometimes recommended each other for the job. The researcher also noted that the developers were hired by several experienced teams, so it is unfair to put the blame only on them.
An example of this was the case when a representative of one of the crypto projects discovered that he had hired a developer from North Korea named Naoki Murano. After information about this spread in the work chat, Murano left the chat and deleted his GitHub profile within two minutes.
Companies associated with the DPRK have been suspected of numerous cyber attacks and fraudulent schemes in recent years. Recall that in early August, 38-year-old Matthew Isaac Knuth was arrested in the United States on charges of helping North Korean IT specialists get remote work in American companies. The arrested man created conditions for specialists from North Korea, using fake data, to impersonate US citizens. The most well — known group associated with the DPRK is Lazarus Group, which stole over $2 billion in cryptocurrency assets over 6 years (as of April).
Source
