In the world of cryptocurrencies, the fight against cyber threats continues, and the renowned blockchain detective ZachXBT (a pseudonym for an anonymous researcher) has published a detailed analysis that reveals the methods of North Korean hackers and offers effective ways to prevent their attacks. ZachXBT shared data obtained from an anonymous hacker who compromised a device belonging to one of the North Korean IT workers. The incident revealed how a small team of five manages over 30 fake identities, using forged government IDs and purchased Upwork and LinkedIn accounts to infiltrate projects as blockchain developers.
According to ZachXBT, hackers from the Lazarus group (or DPRK IT workers) coordinate their actions via Google Drive, Chrome profiles, and Google Translate (with translations into Korean via Russian IPs). They spend about $1489 a month on operations, covering VPNs, proxies, computer rentals, AI services, and AnyDesk for remote access. These fake personas submit resumes for positions as smart contract engineers or blockchain developers, infiltrating companies like Polygon Labs or even Binance. After getting hired, they look for vulnerabilities to exploit for theft, as in the case of the $680,000 Favrr hack in June 2025 or the theft of $1.5 billion from Bybit in February.
ZachXBT emphasizes that the hackers' methods are not high-tech: they rely on persistence and the volume of applications. The main way to prevent attacks is to strengthen candidate verification during hiring. Recommendations include thorough resume verification, checks for fake accounts on LinkedIn/Upwork, monitoring IP addresses (Russian or Korean), requesting video interviews with a camera (where deepfakes 'break'), loyalty testing (for example, asking the candidate to say something negative about Kim Jong Un), and collaborating with freelance platforms. 'HR departments are overwhelmed, but basic checks will stop 90% of such infiltrations,' notes the researcher. The lack of cooperation between the government and the private sector exacerbates the problem, but U.S. Treasury sanctions against 6 individuals and 4 entities are already in effect.
This analysis debunks the myth of North Korean hackers as 'geniuses': the IT workers are 'losers' from elite groups, but their mass presence is dangerous. The crypto industry has lost billions, so companies must implement strict hiring protocols to avoid risks to smart contracts and wallets. ZachXBT urges companies not to be afraid but to act: 'A little vigilance — and projects are safe.'