🚨 ZachXBT Exposes $16.58M Crypto Pipeline Funding North Korean IT Operatives
Blockchain sleuth ZachXBT just ripped the lid off a $16.58 million crypto operation funneling cash to Pyongyang-linked tech workers. Turns out decentralized finance isn't so decentralized when authoritarian regimes start cashing in.
The Smoking Gun: On-chain trails don't lie, especially when tracing payments to IT teams that somehow always work Pyongyang hours. Who knew ransomware profits could look so much like freelance dev contracts?
Sanctions? What Sanctions: While traditional finance wrestles with KYC paperwork, crypto's borderless payments keep cutting through red tape like a hot wallet through butter. Another win for "financial freedom", assuming your definition includes funding nuclear programs.
Memo to crypto bros: Maybe vet your "rockstar offshore dev team" before they redeploy your protocol's TVL into missile research. Just a thought.
North Korean IT teams were outed in voluntary investigations
For some, North Korean hackers in crypto teams are still a conspiracy theory. Most of the recent discoveries are linked to OSINT efforts and real-life tracking and doxxing.
ZachXBT also adds wallet monitoring, often linking known IT workers with prominent social media profiles based on their wallet connections to known DPRK hacker wallet clusters. ZachXBT warned that North Korean IT workers are infiltrating traditional tech companies as well, but crypto projects often allow for easier tracking, especially if their payrolls are on-chain.
For now, ZachXBT has not announced the names of crypto projects that were most affected by hackers. Previously, even established protocols like Waves have reported compromised smart contracts due to hiring unvetted IT workers.
North Korean IT workers also pose as crypto influencers
Earlier in June, investigators pointed out that several high-profile crypto influencers linked to older meme and NFT projects were also connected to suspicious wallet clusters. Some of the addresses observed by ZachXBT were also flagged as being connected to the Favvr NFT project.
DPRK hackers often do not stay long with projects, but their involvement is risky even with a short stint. DPRK hackers can have multiple roles in projects, including access to multi-sig wallets or other key responsibilities. Since crypto projects only perform audits months or years apart, some DeFi platforms, meme tokens, and other apps may hold hidden risks for exploits.
ZachXBT also notes that the hackers are mostly drawn to MEXC, as well as US-based exchanges including Robinhood and Coinbase. Binance, one of the widely used markets, is now unsuitable for them, as it has a track record of freezing funds and assisting authorities in intercepting suspicious accounts. The North Korean IT workers often resort to USDC, though they try to conceal the transactions, as the stablecoin can be frozen.