ZachXBT Exposes North Korean Hackers Targeting Meme Tokens: $1M Stolen in Latest Exploits
- How Are North Korean Hackers Infiltrating Meme Token Projects?
- Which Projects Were Hit by the $1M Exploits?
- What’s the DPRK’s Playbook for Crypto Hacks?
- How Can Projects Avoid DPRK Developer Scams?
- Your Meme Token Security Questions Answered
In a shocking revelation, blockchain investigator ZachXBT has uncovered a coordinated campaign by North Korean-linked hackers infiltrating meme token projects on Ethereum and Solana. Over $1 million was stolen in recent exploits, with attackers posing as developers to compromise projects tied to Pepe creator Matt Furie and others. This report breaks down the tactics, impacted projects, and red flags for the crypto community.
How Are North Korean Hackers Infiltrating Meme Token Projects?
Recent investigations by ZachXBT and cybersecurity researchers reveal a sophisticated operation by the DPRK’s "RPPC Hacker Network." The group:
- Poses as freelance blockchain developers using aged social media/GitHub profiles
- Offers malicious code for token creation/trading automation (notably on Solana)
- Targets newly launched projects with weaker security, like FAVVR and Chain/SAW NFTs
One confirmed hacker was hired by FAVVR, leading to a $680K exploit. The BTCC team notes these attacks mirror past DPRK web3 cons, where fake job postings delivered malware.
Which Projects Were Hit by the $1M Exploits?
The attackers focused on:
Project | Loss | Connection |
---|---|---|
FAVVR | $680K | CTO Alex Hong vanished post-attack |
Chain/SAW NFTs | $220K | Linked to Matt Furie’s Pepe IP |
Other Solana tokens | $100K+ | Fake dev teams on bomb.fun |
On June 27, 2025, ZachXBT tweeted evidence tying the attacks to North Korean IT workers. Hackers minted fraudulent NFTs, crashing floor prices to zero.
What’s the DPRK’s Playbook for Crypto Hacks?
Beyond meme tokens, the group:
- Runs fake freelancer sites (e.g., "Digital Living") to infiltrate projects
- Shares "copy-trade tools" for Solana to spread malicious code
- Uses stolen identities (Polish/US nationals) to bypass scrutiny
As spotted by @blackbigswan on June 26, one hacker team even recruited a Canadian facilitator (@0XTAN1319). The BTCC team warns:
How Can Projects Avoid DPRK Developer Scams?
Vet developers aggressively:
- Verify offline identities via video calls
- Audit GitHub histories (look for sudden activity spikes)
- Monitor for reused code from known exploits
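The GitHub-history check from the list above can be partly automated. The following is an added example, not code from ZachXBT or the BTCC team: it flags an aged profile that sat mostly empty and then shows a recent burst of commits. The thresholds, function names and sample commit dates are constructed assumptions; a flag is a reason for closer manual review of the candidate.

```python
from collections import Counter
from datetime import date

def monthly_counts(commit_dates, created, today):
    """Commits per calendar month from account creation to today, zero-filled."""
    counts = Counter((d.year, d.month) for d in commit_dates)
    months, y, m = [], created.year, created.month
    while (y, m) <= (today.year, today.month):
        months.append(((y, m), counts.get((y, m), 0)))
        y, m = (y, m + 1) if m < 12 else (y + 1, 1)
    return months

def spike_report(commit_dates, created, today, recent_months=3,
                 dormant_ratio=0.8, burst_share=0.7, min_age_months=12):
    """Flag an old account whose history is mostly empty until a recent burst.
    All thresholds are illustrative assumptions, not values from the article."""
    months = monthly_counts(commit_dates, created, today)
    history, recent = months[:-recent_months], months[-recent_months:]
    total = sum(c for _, c in months)
    recent_total = sum(c for _, c in recent)
    findings = []
    # Share of pre-burst months with zero commits (the "aged but empty" pattern).
    if history and sum(c == 0 for _, c in history) / len(history) >= dormant_ratio:
        findings.append("dormant_history")
    # Share of all commits that landed in the most recent window.
    if total and recent_total / total >= burst_share:
        findings.append("recent_burst")
    return {
        "account_age_months": len(months),
        "total": total,
        "recent": recent_total,
        "findings": findings,
        "flag": len(findings) == 2 and len(months) >= min_age_months,
    }

# Constructed sample data: two accounts created on the same day.
CREATED, TODAY = date(2021, 3, 1), date(2025, 6, 27)
# Two commits at creation, then 60 commits in the last three months.
SUSPICIOUS = [date(2021, 3, 5), date(2021, 3, 6)] + [
    date(2025, m, d) for m in (4, 5, 6) for d in range(1, 21)]
# One commit every month since creation.
STEADY = [date(y, m, 10) for y in range(2021, 2026) for m in range(1, 13)
          if CREATED <= date(y, m, 10) <= TODAY]

if __name__ == "__main__":
    for name, commits in (("suspicious", SUSPICIOUS), ("steady", STEADY)):
        print(name, spike_report(commits, CREATED, TODAY))
```

In practice the commit dates would come from cloning the candidate's repositories and reading author dates, which can be backdated, so compare them against repository creation and push times as well.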
ZachXBT’s full hacker profile list remains undisclosed to avoid tipping off active operatives.
Your Meme Token Security Questions Answered
Are all meme tokens unsafe now?
No. Attacks targeted specific new projects with lax hiring practices, not established tokens.
Which chains are most at risk?
Ethereum and Solana were primary targets, but BNB Chain/Arbitrum code was also offered by hackers.
Did exchanges like BTCC freeze stolen funds?
No confirmation yet. The BTCC team advises checking wallet approvals via revoke.cash.