North Korean Hackers Infiltrate Crypto Industry: 920 Spies Exposed as Firms Ignore Red Flags


Published: 2025-07-03 04:50:04


A bombshell investigation by blockchain sleuth ZachXBT reveals up to 920 North Korean hackers are secretly employed in crypto startups worldwide, earning millions monthly. Despite glaring warning signs—like Russian IPs and fake LinkedIn profiles—companies continue hiring these operatives, risking data breaches and exit scams. The BTCC team breaks down how negligence fuels this crisis and why these startups are doomed to fail.

North Korean hackers infiltrating global tech firms

How Many North Korean Hackers Are Working in Crypto?

ZachXBT’s on-chain analysis shows North Korean operatives received $16.6 million in crypto payments since January 2025—averaging $2.76 million per month. With salaries ranging from $3K-$5K, this funds operatives embedded in companies across Europe, Brazil, and beyond. "I’ve tracked 8 operatives across 12+ projects," Zach revealed, sharing wallet addresses that funnel payments to Pyongyang-linked consolidation accounts.

ZachXBT's blockchain trail exposes North Korean payment networks

Who Are These Hackers Pretending to Be?

One operative, "Sandy Nguyen," posed as a Web3 engineer but was photographed at a Russian event waving a North Korean flag. Others use stolen identities, deleted LinkedIn profiles, and GitHub username changes to evade detection. "They juggle multiple jobs simultaneously but get fired for incompetence—their turnover is high," noted Zach.

Exposed: North Korean hacker Sandy Nguyen's true identity

Why Are Companies Ignoring the Danger?

Startups skip basic due diligence despite red flags:

  • No video interviews: Hackers claim to be local but refuse face-to-face verification
  • Russian IPs: Logins trace to VPNs in Moscow
  • Ghost profiles: LinkedIn accounts vanish post-hire

Even stablecoin issuer Circle was cited for lax security. "Hiring these operatives is a startup death sentence," Zach warned. "Their tactics aren’t sophisticated—this is pure corporate negligence."

How Are the Funds Laundered?

North Korea uses:

| Method | Examples |
|---|---|
| U.S. crypto exchanges | BTCC, Coinbase |
| Offshore havens | Cayman Islands, Seychelles |

Zach’s findings suggest traditional companies face greater risks, but fiat payments are harder to trace than crypto transactions.

Q&A: The North Korean Hacker Crisis Explained

How did ZachXBT uncover this network?

By tracking 6 hacker groups’ on-chain payments to shared consolidation wallets, then cross-referencing employment records and social media.

What’s the biggest warning sign for employers?

Candidates who refuse video calls despite claiming to live nearby—a hallmark of North Korea’s remote work scams.

Could this affect non-crypto businesses?

Absolutely. Zach suspects traditional sectors hire more operatives, but crypto’s transparency made this investigation possible.
