Pepe NFT Project’s Nightmare: Unwittingly Hired a North Korean Hacker—Here’s What Went Down
When meme culture meets geopolitical risk—the Pepe creator's NFT venture just got hacked by the last team you'd ever want on your payroll.
How a rogue regime infiltrated Web3's favorite frog.
North Korea's Lazarus Group has been linked to crypto heists worth billions. Now they've hit the NFT space—through what appears to be a catastrophic vetting failure. The project's 'anonymous dev' turned out to be a front for state-sponsored hackers.
Security experts are calling this the most ironic rug pull in crypto history. The same community that laughs at 'dyor' culture just got schooled by it—with a side of UN sanctions.
Meanwhile, VC-funded NFT platforms keep pretending KYC is optional. Because what could go wrong?
The Increasing Threat of North Korean Hackers
Pepe, the famous cartoon frog, is a popular subject for meme coins, but his original creator has nothing to do with them. Visual artist Matt Furie created the character around 20 years ago.
By partnering with Chainsaw to launch NFT collections, Furie attempted to finally capitalize on the growing industry, but a North Korean hack apparently crashed the project.
ZachXBT, a famous crypto sleuth, posted a comprehensive rundown of the incident. Essentially, an insider transferred the mint contract for Replicandy, one of Furie’s NFT collections, in the middle of the night.
From there, the hacker minted NFTs until the price floor reached zero. Five days later, he did it with three other collections, netting around $310,000.
The attackers had to launder their profits, leaving a breadcrumb trail of blockchain data that ZachXBT was able to trace. By studying this, he came to believe that North Koreans perpetrated the hack.
Specifically, an attacker made a fake profile to interview for an IT role with the project, a known theft tactic. From here, it was trivially easy to bypass all security.
A few days later, another company fell for the same trick. Favrr, an NFT launch platform, lost $680,000 to a hack involving the same small group of North Koreans.
This theft was much more jarring for several reasons, including the huge loss. The company hired this fake candidate to be its CTO, revealing a shocking lack of due diligence.
11/ The Favrr CTO Alex Hong has a background which appears suspicious and is likely one of the two DPRK ITWs hired.
His LinkedIn was very recently deleted.
I also reached out to a project he supposedly worked at but could not verify his work history. pic.twitter.com/aIKb3f63BO
This appalling lack of security is the real problem. ZachXBT recently warned of increased North Korean activity, especially since the Lazarus Group pulled off the biggest hack in crypto history.
Crypto crime is elevated across the board right now, but these firms took next to zero precautions.
Even more damningly, Favrr is the only firm that issued a public statement. Chainsaw briefly posted a warning, which it later deleted, and Matt Furie has been silent, too.
Both also disabled their DMs on X. ZachXBT attempted to reach out to all the impacted parties but was unable to do so.
