Based on materials from the site - By TheCoinrise Media
A small group of North Korean IT specialists linked to the hacking of a cryptocurrency system worth $680,000 in June was caught using Google products, rented computers, and fake IDs to infiltrate blockchain projects, according to leaked device screenshots.
Cryptocurrency expert ZachXBT published the results of an investigation on Wednesday on the X site citing an anonymous source who managed to gain access to one of the employees' devices. This evidence provides a rare glimpse into the tactics used by a group that collectively extracted millions of dollars from the cryptocurrency industry, including the hacking of the Bybit exchange for $1.4 billion in February.
Fake IDs and secret job applications
The leak indicates that six agents used at least 31 fake IDs, including counterfeit government documents, phone numbers, and purchased accounts on LinkedIn and UpWork. These profiles helped them obtain positions such as 'blockchain developer' and 'smart contract engineer' from unsuspecting employers.
In one case, an employee applied for a full-stack engineer position at Polygon Labs. Other files contained pre-written interview answers falsely claiming experience with OpenSea and Chainlink. After being hired, the group reportedly used remote access tools such as AnyDesk and VPN to hide their true location.
The operation appeared to be well-structured. For coordinating schedules, tasks, and budgets in English, they used exports from Google Drive, Chrome profiles, and translation tools. A spreadsheet showed that the group's total expenses in May amounted to $1,489.80, which was used to fund infrastructure for ongoing infiltration attempts.
From the hack of Favrr to sanctions
One of the known wallet addresses of the team, '0x78e1a', is linked to the hack of the fan token marketplace Favrr for $680,000 in June. At that time, ZachXBT claimed that Favrr's CTO, known as 'Alex Hong', and several developers were actually citizens of North Korea operating under false names.
The data leak also hinted at their current research interests, including exploring the possibility of deploying ERC-20 tokens on the Solana platform and identifying leading European companies in the field of artificial intelligence.
ZachXBT called on crypto and technology companies to strengthen comprehensive checks when hiring staff, warning that although these schemes are not always technically advanced, their scale and resilience make them effective. He also pointed to the lack of cooperation between technology companies and freelance platforms as a key vulnerability.
In July, the U.S. Department of the Treasury imposed sanctions on two individuals and four organizations linked to the activities of North Korean IT specialists.
With us (in this group!), those (subscribers!) usually stay who are in search of fresh and relevant news, do not want to browse through dozens of different sites and news publications, and can afford to read all the most interesting content in one news feed!!! 😉
Enjoy your viewing!!! 😊
