Exclusive: ZachXBT Exposes North Korea’s Crypto Heist Blueprint – How They’re Draining Millions
North Korean hackers are running a crypto crime spree—and ZachXBT just ripped open their playbook. Here’s how they’re exploiting DeFi’s weak spots while regulators nap at the wheel.
The Lazarus Playbook: Phishing, Backdoors, and Vanishing Acts
No fancy tech, just social engineering and old-school malware. Their latest trick? Spoofing wallet addresses and draining tokens through standing approvals before victims blink. Security audits? More like a rubber stamp for disaster.
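To make those two mechanics concrete, here is an added Python sketch (it is not from the article, from ZachXBT's reporting, or from any real contract): a toy ERC-20-style ledger showing how a phished "unlimited" approval lets a spender empty a wallet while a scoped approval caps the loss, plus a look-alike check of the kind that catches address poisoning (a spoof address that matches the real one on the leading and trailing hex digits a wallet UI displays). Addresses and amounts are made up.

```python
"""Toy model of two DeFi drain mechanics: abuse of standing token approvals
and look-alike (poisoned) addresses. Constructed example; the ledger is a
simplified stand-in for an ERC-20 contract and all addresses are fake."""

from dataclasses import dataclass, field

MAX_UINT256 = 2**256 - 1  # the "unlimited" allowance many dApps ask users to sign


@dataclass
class Token:
    """Minimal ERC-20-style ledger: balances plus (owner, spender) allowances."""
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)

    def approve(self, owner, spender, amount):
        # approve(spender, 0) is how a victim revokes a standing approval
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender, owner, to, amount):
        """What a malicious spender calls once it holds an approval."""
        allowed = self.allowance(owner, spender)
        if amount > allowed:
            raise PermissionError("insufficient allowance")
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        if allowed != MAX_UINT256:  # real tokens never decrement an unlimited allowance
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def drain(token, attacker, victim):
    """Take everything the allowance permits; returns the amount stolen."""
    stealable = min(token.allowance(victim, attacker), token.balances.get(victim, 0))
    if stealable:
        token.transfer_from(attacker, victim, attacker, stealable)
    return stealable


def simulate(approved_amount):
    """Victim holds 1000 tokens and grants `approved_amount` to an attacker-controlled spender."""
    token = Token()
    victim, attacker = "0xVICTIM", "0xATTACKER"  # constructed labels, not real addresses
    token.balances[victim] = 1000
    token.approve(victim, attacker, approved_amount)
    return drain(token, attacker, victim)


def looks_alike(addr_a, addr_b, edge=4):
    """Address-poisoning check: two different addresses that agree on the
    leading and trailing hex digits a wallet typically shows (0x1a2b...9f8e)."""
    a, b = addr_a.lower(), addr_b.lower()
    return a != b and a[:2 + edge] == b[:2 + edge] and a[-edge:] == b[-edge:]


if __name__ == "__main__":
    print("unlimited approval, stolen:", simulate(MAX_UINT256))
    print("approval of 50, stolen:   ", simulate(50))
    real = "0x1a2b3c4d" + "e" * 28 + "9f8e"   # constructed
    spoof = "0x1a2b3c4d" + "0" * 28 + "9f8e"  # constructed look-alike
    print("spoof matches on the visible digits:", looks_alike(real, spoof))
```

The practical takeaways the toy shows: approve only the amount a transaction needs, revoke stale approvals with a zero-amount approve, and compare the full address rather than the abbreviated form a wallet renders.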
Crypto’s ‘Security Theater’ Problem
While VCs chase the next memecoin, Lazarus Group treats DeFi like an ATM. Their ROI makes Wall Street look amateur, except that the profits are other people's stolen savings, laundered through mixers.
Wake-up call: Until exchanges freeze more than just retail accounts, these heists won’t stop. The irony? A decentralized system still relies on centralized choke points to catch thieves.
Fake Identities and Job Infiltration
The leaked data shows they used 31 fake personas, backed by fabricated government IDs, phone numbers, and purchased LinkedIn and Upwork profiles.
They deployed these personas to land roles such as "blockchain developer" and "smart contract engineer" at cryptocurrency firms. One operator even interviewed for a full-stack engineer position at Polygon Labs, while others invented work histories at OpenSea and Chainlink.
A spreadsheet in their Google Drive recorded $1,489.80 in expenses for May alone, covering fake accounts, VPNs, computer rentals, and AI subscriptions. They tracked tasks, meeting schedules, and interview scripts in English, leaning heavily on Google Translate. The group also used remote access software such as AnyDesk so that the people doing the work would not be the people the employer thought it had hired.
Wider Crypto Theft Network
ZachXBT warns that while these operations aren’t highly sophisticated, they thrive because hiring teams overlook proper background checks. The U.S. Treasury has already sanctioned multiple individuals and entities linked to North Korea’s IT worker network.
North Korea-linked operators have stolen billions from the crypto industry, including the high-profile $1.4 billion Bybit exchange hack earlier this year.