Infamous for several recent hacking incidents, North Korean developers have again been involved in a high-profile crypto scam.
According to the latest investigation, a group of DPRK hackers gained access to more than 25 crypto projects worldwide by posing as developers, stealing over $1.3 million.
The new hack comes weeks after the hacking incident at the WazirX crypto exchange, which led to the loss of $230 million worth of investor funds and in which the name of the North Korean group Lazarus emerged.
The prominent security researcher ZachXBT recently shared a post revealing that a group of DPRK IT workers had been employed at more than 25 crypto projects under fake identities. They were hired as developers on the strength of polished résumés, plausible work histories and fabricated working experience.
How did the scam by North Korean “developers” unfold?
ZachXBT said that he contacted all the victim teams about the suspicious employee records and tracked 21 developer payment wallets. He also exposed the fake identities involved and found that all of those addresses led to a common IT worker address.
The scandal came to light after a project team reached out to ZachXBT for help with a $1.3 million theft. According to the team, the project’s treasury wallet was compromised by malicious code injected by one of its own team members. They asked ZachXBT to find the root cause of what looked like a low-key incident, and the investigation led to a far larger discovery.
The findings from the research and the on-chain transactions show that all of the fake employees’ payment addresses led to the same crypto exchange deposit address, presumably belonging to the entity operating the whole group.
Moreover, this exchange address is also connected to the OFAC-sanctioned hacker known as Sim Hyon Sop. The scheme ran for almost a year, from July 2023 to July 2024, until it was uncovered by this recent revelation.
What was the modus operandi of the North Korean hackers?
While most of these developers were capable of showcasing genuine skills, they hid their real identities and submitted fake IDs to their employer projects. They also had good-looking résumés and notable GitHub activity, which was enough for employers to trust them.
In addition, members of this group referred each other for vacant posts at their respective projects and teams. Because all of these fake employees forwarded the payments they received as compensation to common addresses, the evidence suggests that they were one small group rather than separate, unrelated employees.
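As an added illustration (not ZachXBT’s tooling or data), the Python sketch below shows the clustering logic behind the tracing described above: payment wallets that all forward to the same exchange deposit address are grouped, and any destination shared by several supposedly unrelated payees, or already on a flagged list, is reported together with the projects paying into it. All addresses, project names and amounts are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample transfers, not real on-chain data. Each record is
# (project, payment_wallet, destination_address, amount_usd): the wallet a
# project paid its "developer", and where that wallet forwarded the funds.
SAMPLE_TRANSFERS = [
    ("proj-alpha", "0xPAY01", "0xEXCHANGE_DEPOSIT_A", 12000),
    ("proj-beta", "0xPAY02", "0xEXCHANGE_DEPOSIT_A", 9500),
    ("proj-gamma", "0xPAY03", "0xEXCHANGE_DEPOSIT_A", 11000),
    ("proj-alpha", "0xPAY04", "0xCONTRACTOR_OWN_WALLET", 8000),
    ("proj-delta", "0xPAY05", "0xEXCHANGE_DEPOSIT_B", 7000),
    ("proj-delta", "0xPAY05", "0xEXCHANGE_DEPOSIT_B", 7000),  # second payout
]

# Placeholder list of addresses already flagged (e.g. tied to a sanctioned entity).
FLAGGED_ADDRESSES = {"0xEXCHANGE_DEPOSIT_A"}


def cluster_by_destination(transfers):
    """Group payment wallets and paying projects by the address they forward to."""
    clusters = defaultdict(lambda: {"wallets": set(), "projects": set(), "total_usd": 0})
    for project, wallet, dest, amount in transfers:
        c = clusters[dest]
        c["wallets"].add(wallet)
        c["projects"].add(project)
        c["total_usd"] += amount
    return dict(clusters)


def suspicious_clusters(transfers, min_wallets=2, flagged=FLAGGED_ADDRESSES):
    """Report destinations where several supposedly unrelated payees converge,
    or that are already flagged, with the projects that should be notified."""
    report = {}
    for dest, c in cluster_by_destination(transfers).items():
        reasons = []
        if len(c["wallets"]) >= min_wallets:
            reasons.append("shared_destination")
        if dest in flagged:
            reasons.append("flagged_address")
        if reasons:
            report[dest] = {
                "wallets": sorted(c["wallets"]),
                "projects": sorted(c["projects"]),
                "total_usd": c["total_usd"],
                "reasons": reasons,
            }
    return report
```

With the sample data, only `0xEXCHANGE_DEPOSIT_A` is reported: three distinct payment wallets from three projects converge on it, and it is also on the flagged list.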
Conclusion
The incident has prompted debate within the crypto community about the growing sophistication and persistence of North Korean cyber activity in the cryptocurrency space. By infiltrating numerous projects under false pretenses, these DPRK developers have not only stolen significant funds but also exposed weaknesses in the hiring and security practices of many crypto projects.
ZachXBT’s revelations serve as a critical reminder for the industry to implement more stringent vetting processes and stronger security measures to protect against such threats in the future.