🚨 North Korean Hackers’ Playbook EXPOSED: How They Infiltrate Crypto Startups? 🚨
🕵️‍♂️ Inside the Hackers’ Strategy:
Crypto investigator ZachXBT has uncovered secret documents revealing exactly how North Korean hackers sneak into Web3 startups.
Working in five-person teams, they juggle 30+ fake identities (complete with forged IDs, LinkedIn/Upwork accounts, and VPNs) to land IT jobs. Once in, they quietly hunt for security gaps before passing them to elite hacking units like Lazarus 🎯.
🌍 Real-World Cases of DPRK Infiltration:
North Korean IT operatives have quietly slipped into dozens of crypto and tech projects, often under stolen or fabricated identities 🪪. Here are some high-profile examples:
■ Sushi 🍣 – $3M hack tied to DPRK hires via fake profiles.
■ Injective, ZeroLend, Fantom, Yearn Finance, Cosmos Hub 💻 – Legit-looking devs later sent pay to sanctioned wallets.
■ Truflation 📊 – Early hires included DPRK operatives posing as “Ryuhei” from Japan and other global personas.
■ DeltaPrime 💸 – Lost $6M to “Naoki Murano,” later confirmed DPRK agent.
■ Fake U.S. Firms 🏢 – DPRK fronts like Blocknovas LLC (NM) & Softglide LLC (NY) used to push malware; FBI seized Blocknovas’ domain.
■ Global False Personas 🌐 – Aliases like “Jenson Collins” ran from Laos and Russia, linked to millions stolen; 1,000+ emails tied to DPRK IT networks found.
🛑 Pattern: They infiltrate, appear legitimate, then hand vulnerabilities to Lazarus. This spans startups, established protocols, and fake corporations.
💡 Lesson: Even weak cover stories work when hiring skips vetting.
⚠️ Startups’ Biggest Weakness Isn’t Tech—It’s Negligence:
Despite clear warning signs, many startups dismiss investigator alerts or refuse to cooperate. These hackers rely on lazy hiring practices and minimal vetting.
🛡️ How to Stay Safe:
Awareness + collaboration stop most infiltration. Spot VPN tells, verify IDs, and heed warnings to prevent breaches. #CYBER