North Korean Hackers Swipe $1M+ in Pepe NFT Heist – Crypto Security Under Fire
Another day, another crypto bloodbath—this time with a geopolitical twist. North Korean operatives just pulled off a seven-figure digital art heist, targeting Pepe-themed NFT projects. Here’s how they did it.
The breach: Fast, flashy, and financially devastating
Attackers bypassed security protocols like a hot knife through butter, draining wallets faster than a degenerate gambler at a Binance futures table. The take? Over $1 million in stolen assets—enough to fund a missile test or two.
Why Pepe NFTs? Low-hanging fruit with high meme value
While Bitcoin maximalists scoff at ‘jpegs with delusions of grandeur,’ the reality stings: NFT projects remain juicy targets. Weak smart contract audits meet viral branding—a hacker’s dream cocktail.
The fallout: Trust evaporates faster than a shitcoin’s liquidity
Investors scream for regulation while anarchists double down on ‘not your keys, not your crypto’ mantras. Meanwhile, institutional players quietly update their ‘risk assessment’ slides—right after liquidating their NFT positions.
One thing’s clear: In the Wild West of web3, the outlaws still wear the whitest hats. And they’re getting bolder by the block.
- Pepe NFT projects hacked, over $1M stolen by North Korean operative posing as IT staff at Chainsaw and CTO at Favrr.
- Matt Furie’s Replicandy collection was compromised after a hacker hijacked the minting contract and crashed floor prices.
- Lazarus Group suspected, with blockchain analyst ZachXBT linking the attack to North Korean crypto laundering methods.
Pepe NFT projects linked to original Pepe the Frog creator Matt Furie have suffered a devastating cyberattack, reportedly orchestrated by North Korean hackers. The breach, which resulted in over $1 million in losses, has shaken the NFT community and exposed serious security gaps in Web3 project management.
1/ Multiple projects tied to PEPE creator Matt Furie & ChainSaw as well as another project Favrr were exploited in the past week which resulted in ~$1M stolen
My analysis links both attacks to the same cluster of DPRK IT workers who were likely accidentally hired as developers. pic.twitter.com/85JRm5kLQO
The incident centers around Matt Furie, the visual artist who created the widely recognized Pepe character over two decades ago. While Furie has publicly distanced himself from the meme coin movement that adopted his artwork without consent, he recently sought to enter the NFT space on his terms. Partnering with Chainsaw, an NFT startup, Furie helped launch several official Pepe NFT collections, including one called Replicandy.
However, according to leading blockchain investigator ZachXBT, that partnership turned disastrous after Chainsaw inadvertently hired a North Korean operative for a key IT role. The hacker, posing as a legitimate candidate, was granted back-end access.
In a stealth MOVE executed during off-hours, the individual transferred the minting contract for Replicandy, a critical control point that allowed them to mint countless NFTs and tank the floor price of the collection.
The same hacker repeated this attack on three other Chainsaw-backed NFT collections, ultimately draining around $310,000. Just days later, a similar breach hit another NFT platform, Favrr, resulting in $680,000 in losses. This time, the infiltrator had been hired as Favrr’s Chief Technology Officer, highlighting a severe lack of background checks and basic operational security.
10/ DPRK ITW consolidation 0x477 received payroll from the project Favrr which was exploited for $680K+ on June 25, 2025
I suspect they have a second ITW on payroll as well because the exploiter address is tied to a Gate deposit address 0xab7 which ITW 2 sent payroll to.
Favrr… https://t.co/mRRYNgj7kl pic.twitter.com/1KKDNwGsID
Chainsaw Silent After Pepe NFT Breach
By analyzing transaction patterns and laundering methods on the blockchain, ZachXBT traced the attacks back to a small group linked to North Korea, likely associated with the infamous Lazarus Group, which has previously been responsible for some of the largest hacks in crypto history.
8/ Other indicators revealed from internal logs point out irregularities in a suspected DPRK IT workers resume.
Why WOULD a developer who claims to be living in the US have a Korean language setting, Astral VPN usage, and have an Asia/Russia time zone?
Despite the scale of the damage, Chainsaw and Matt Furie have remained largely silent. Chainsaw briefly posted a warning to its social media channels before deleting it. Furie has issued no statement and has disabled his direct messages on X (formerly Twitter). In contrast, Favrr has at least acknowledged the breach publicly.
This series of attacks not only underscores the growing threat of state-sponsored crypto crime but also serves as a wake-up call to NFT creators and blockchain firms. In an increasingly high-stakes environment, basic due diligence, robust hiring practices, and multi-layered security protocols are no longer optional; they are essential.
With Pepe NFT projects now caught in the crossfire, this incident serves as both a cautionary tale and a stark reminder that the human element remains the biggest vulnerability in Web3.
