An unknown hacker managed to hack into the computer of a North Korean IT specialist and discovered a whole network of scammers who infiltrate cryptocurrency companies under false names. A team of six used 31 fake identities to obtain jobs in blockchain projects.
Cryptocurrency detective ZachXBT published unique data on the social media platform X, obtained from an anonymous source who managed to access the device of one of the North Korean operators. The materials show how a small group of specialists created dozens of fake profiles on LinkedIn and UpWork and purchased government documents and phone numbers.
One of the group members even interviewed for a full-stack developer position (one who works on both the frontend (user interface) and the backend) at Polygon Labs. The correspondence revealed prepared responses for the interview, in which the scammers claimed to have worked for the NFT marketplace OpenSea and the oracle provider Chainlink.
North Korean IT specialists obtained positions as 'blockchain developers' and 'smart contract engineers' on freelance platforms. To perform their work, they used remote access programs like AnyDesk, while VPNs hid their real locations.
Google tools aid the hackers
Exported data from Google Drive and Chrome profiles showed that the group actively used Google tools to manage schedules, tasks, and budgets. Communication was conducted in English, using Google Translate to translate from Korean.
One of the tables states that in May, IT specialists spent a total of $1,489.8 on operational expenses. To convert fiat money into cryptocurrencies, they often used the payment system Payoneer.
Connection to the $680,000 hack
One of the group's wallets — '0x78e1a' — is directly linked to the hack of the fan token marketplace Favrr in June, during which the attackers stole $680,000. ZachXBT claimed at the time that the project's CTO Alex Hong and other developers were disguised North Korean specialists.
North Korean hacker groups are responsible for stealing billions of dollars from the cryptocurrency industry. In February, they hacked the Bybit exchange for $1.4 billion.
The data also revealed the scammers' areas of interest. One of the search queries concerned the possibility of deploying ERC-20 tokens on the Solana network, while another was about leading artificial intelligence development companies in Europe.
ZachXBT urged cryptocurrency and technology companies to vet potential employees more thoroughly. According to him, many of these operations are not particularly complex, but the large number of applications often leads to negligence among hiring teams.
Last month, the U.S. Department of the Treasury imposed sanctions against two individuals and four organizations involved in the North Korean network of IT specialists infiltrating cryptocurrency companies. The lack of cooperation between technology companies and freelance platforms only exacerbates the problem.