ZachXBT, the well-known crypto sleuth, has uncovered a network of North Korean developers earning up to $500,000 monthly through crypto projects.
The investigator shared these findings on X on August 15, exposing what he believes to be a highly coordinated operation run by a single entity in Asia.
According to ZachXBT, this network employs at least 21 developers who have infiltrated over 25 crypto projects and have stolen millions of dollars from unsuspecting organizations.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe – We publish new crypto explainer videos every week!
The network was discovered when a team sought ZachXBT’s help after $1.3 million was stolen from their treasury due to malicious code inserted by developers. The team was unaware they had hired North Korean IT workers using fake identities.
Through his investigation, ZachXBT traced multiple payment addresses linked to these developers. He found that one group of developers had received $375,000 in the last month alone, with total transactions amounting to $5.5 million.
One person connected to these transactions is Sim Hyon Sop, who has been sanctioned by the US Office of Foreign Assets Control (OFAC) for allegedly coordinating financial transfers that support North Korea’s weapons programs.
ZachXBT’s investigation also linked other payment addresses to another OFAC-sanctioned individual, Sang Man Kim, who is believed to have received $2 million in crypto for selling IT equipment to North Korean teams in China and Russia.
ZachXBT emphasized that several experienced teams had unknowingly hired these North Korean developers. He mentioned an incident where another project realized they had hired a North Korean IT worker, Naoki Murano, listed in his findings. When the project shared ZachXBT’s post in their group chat, Murano immediately left the chat and deleted his GitHub account.
The involvement of organizations linked to North Korea in cyberattacks and scams is not new. Among the most notorious groups associated with North Korea is the Lazarus Group, which laundered over $200 million in crypto through more than 25 hacks between 2020 and 2023.
ZachXBT’s findings add to the growing evidence of North Korea’s involvement in a complex web of cybercrime within the cryptocurrency industry.
Gode is a Web3 Market Analyst who researches the most important industry events and interprets how they affect the wider Web3 space. Her formal education in media culture & digital rhetoric allows her to employ a methodical approach to evaluating critical Web3 news data, including large-scale events and the wider social sentiment within the ecosystem.Gode is a mutilingual professional, having studied in multiple universities all across Europe. This allows her to have a one-of-a-kind opportunity to analyze Web3 social sentiments spanning different cultures and languages and, in turn, develop a much deeper understanding of how the Web3 space is growing within different communities. With the rest of her team, Gode works to identify crucial crypto news patterns and provide unbiased and data-driven information.Gode’s passions include working and communicating with people, and when she’s not researching Web3 news, she spends her time traveling and watching true crime documentaries.