Six agents from the Democratic People's Republic of Korea used 31 fake identities to secure global jobs in blockchain and cryptocurrency technology.
Hackers used LinkedIn, UpWork, VPN networks, AnyDesk, and Google tools for coordination and camouflage.
A counter-hacking operation revealed a complex network of North Korean IT staff that used thirty-one individuals to hack cryptocurrency companies. The six-member team, linked to a $680 hacking incident, relied on commercially available tools such as Google Drive, remote access software, and computers.
Inside the digital deception campaign in the Democratic People's Republic of Korea
A reverse hacking operation uncovered the internal dynamics of a North Korean IT worker network that stole hundreds of millions of dollars from cryptocurrency firms. According to cryptocurrency investigator ZachXBT, six agents used thirty-one fake identities to obtain real blockchain development jobs at various companies worldwide.
These digital impostors created completely fake identities, purchasing government ID papers, phone numbers, and professional social media accounts on sites like LinkedIn and UpWork. They were well-organized and wrote answers to interview questions to appear as if they had worked at major companies like OpenSea and Chainlink, enhancing their credibility.
Agents managed to secure jobs as blockchain developers and smart contract engineers with the help of freelance job sites. They used remote access software like AnyDesk to work and hide their actual locations with the assistance of virtual private networks and proxy services.
Internal documents confirmed that mainstream technology tools provided all forms of operational coordination. Expense tracking reports relied on Google Drive spreadsheets, showing total expenses of nearly $1,500 in May, while Chrome browser profiles tracked multiple fake identities simultaneously. Workers primarily communicated in English, leveraging Google Translate services from Korean to English.
Financial data showed how the group moved from cash to cryptocurrency through Payoneer payment systems. Each cryptocurrency wallet reflected the characteristics of their financial transactions, and part of their activity included a wallet address linked to the $680,000 exploit of the Favrr market, indicating that the group shifted from initial infiltration to direct theft operations.
Leaked information revealed the group's areas of interest, such as how to deploy Ethereum tokens on Solana networks and how to locate European AI development companies, indicating that the group was expanding its operations to include emerging technologies beyond traditional cryptocurrency targets.
Security experts noted that these hacking attempts often succeed because of weak employment verification mechanisms, not because of advanced technical manipulation. The volume of remote job applications often overwhelms screening measures, making it easier for malicious actors to infiltrate companies and access sensitive information.
Previous North Korean activities demonstrated increasing ambition, notably the massive theft from the Bybit trading platform, worth over a billion dollars. These events highlight the urgent need for due diligence measures in the cryptocurrency and technology sectors to prevent such hacking incidents.