A major earthquake in the cryptocurrency space in 2025! According to on-chain detective ZachXBT's latest investigation, global cryptocurrency
projects
At least 345 to 920 core positions have been secretly infiltrated by North Korean IT personnel, involving exchanges, DeFi protocols, and even top VC investment teams! This number far exceeds the scale of the Lazarus Group's invasion of Atomic Wallet in 2023. North Korean hackers are shifting from 'external attacks' to 'internal parasitism,' and the security war in the cryptocurrency space in 2025 has escalated to the 'workplace infiltration' stage!
News nuclear explosion point:
Infiltration areas: The victim projects are concentrated in key positions such as back-end development for exchanges, smart contract auditing, and KYC providers. Some hackers have even forged European and American degrees and remote work identities, remaining undetected for over six months.
Funds movement: At the end of June, a secondary exchange suddenly experienced an abnormal withdrawal of $220M. Internal investigations revealed that one 'Singaporean' engineer on its CTO team was actually a Pyongyang hacker who exploited his position to alter the cold wallet multi-signature mechanism!
Policy chain reaction: The U.S. Treasury Department plans to add 'employing North Korean IT personnel' to its sanctions red line. Any cryptocurrency project associated with this will face global bans; three DeFi protocols have already been delisted by Coinbase due to employee background issues!
Fatal impact on the cryptocurrency space:
Trust collapse: Investors are beginning to question the authenticity of 'anonymous team' projects. 'Doxxed (real name) means safe' has become the new narrative for 2025, with the TVL of anonymous coins and privacy protocols plummeting 40% in a week!
Regulatory strangulation: The South Korean Financial Commission has announced a comprehensive investigation of the backgrounds of employees in domestic cryptocurrency companies. Suspected North Korean associates will have their assets immediately frozen, and platforms like Upbit have urgently laid off staff to 'clean up' their image.
Technical counterattack: Slow Mist, CertiK, and other institutions have launched 'North Korean IP fingerprint detection' services, analyzing code styles, GitHub submission times, and tracing, with 12 projects actively admitting infiltration and restarting their codebases!
AI
Tracing, with 12 projects actively admitting infiltration and restarting their codebases!
Retail investors' emergency risk-averse strategy (2025 edition):
Check the project by checking HR: Require the team to publicly disclose their recruitment process, prioritizing projects that use 'on-chain identity verification' (such as ENS + Proof of Humanity).
Beware of the 'remote attendance monster': If a core member of a project never turns on their camera and claims to live in Eastern Europe/Southeast Asia, quickly check whether their GitHub activity aligns with North Korean time zone (UTC+9)!
Betting on security infrastructure: $HAPI (on-chain intelligence token) has skyrocketed 300% in 24 hours, and 'anti-North Korean hacker' concept stocks have become a new trend.
Deep warning: The KPI for North Korean hackers in 2025 is 'steal $1 billion, exchange for nuclear weapons.' If you don't raise your vigilance, your U could be the next missile fuel! Forward this warning to all Web3 brothers!#币圈九死一生
#保持SAFU
Loneliness is the excuse of the weak! The Dot Avatar team has arrived, offering top support, only craziness for ambition!