Connect with us
Active Currencies 15514
Market Cap $3,443,639,517,416.60
Bitcoin Share 56.85%
24h Market Cap Change $3.57

Blockchain sleuth ZachXBT unveils North Korea’s secret crypto empire

2min Read

ZachXBT’s findings reveal a covert North Korean crypto network—what other hidden players might be involved?

Crypto sleuth ZachXBT unveils North Korea’s secret crypto empire

Share this article

  • ZachXBT uncovered a North Korean crypto network with $300K-$500K monthly earnings.
  • Investigation revealed complex laundering schemes and connections to OFAC-sanctioned individuals.

In a recent investigation, blockchain analyst ZachXBT uncovered a well-coordinated network of North Korean developers.

These developers, involved in crypto, are suspected to earn $300,000-$500,000 monthly.

North Korea crypto scam uncovered

According to his findings shared on the 15th of August, a single entity in Asia, potentially North Korea, likely runs this network.

The group consists of 21 developers working on over 25 crypto projects, revealing significant hidden influence in the global crypto industry.

ZachXBT 1

Source: ZachXBT/X

Providing further insights on the matter, ZachXBT added, 

“Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities. I then uncovered 25+ crypto projects with related devs that have been active since June 2024.”

The process involved in the fraud

ZachXBT confirmed that the laundering scheme transfers $1.3M to a theft address bridges it from Solana [SOL] to Ethereum [ETH], deposits 50.2 ETH into Tornado Cash, and then moves 16.5 ETH to two exchanges.

ZachXBT 2

Source: ZachXBT/X

By tracking various payment addresses used by the 21 developers, ZachXBT identified a cluster of recent transactions totaling approximately $375,000 over the past month, revealing a sophisticated network of financial maneuvers.

ZachXBT 3

Source: ZachXBT/X

Who was involved?

For those unaware, before these recent transactions, someone deposited $5.5 million into an exchange address. This address received payments for DPRK IT workers from July 2023 to 2024.

The investigation revealed connections to Sim Hyon Sop, an individual currently sanctioned by the Office of Foreign Assets Control (OFAC).

Additionally, several payment addresses linked to these developers were also associated with Sang Man Kim, a U.S.-sanctioned figure involved in DPRK-related cyber activities.

Kim is suspected of managing DPRK cyber funds and facilitating IT sales to DPRK teams in China and Russia.

In addition, the placement agencies recruited some identified developers, who sometimes referred each other for positions.

“A number of experienced teams have hired these devs so it’s not fair to them single as the ones to blame.”

There’s more to it…

Things took a strange turn when Naoki Murano, a DPRK IT worker identified in ZachXBT’s investigation, abruptly left the chat and deleted his GitHub account in response to the exposure.

ZachXBT 4

Source: ZachXBT/X

Murano’s swift reaction suggests he feared being linked to the network and aimed to minimize his digital footprint.

Share

Ishika is a graduate of Political Science from the University of Delhi. From writing content as a hobby to now pursuing it as a professional career, she has been living and breathing content all her life. Her interests lie in making sure articles are very digestible to a common reader, despite all its technicalities and jargons.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.