ZachXBT, the well-known crypto sleuth, has uncovered a network of North Korean developers earning up to $500,000 monthly through crypto projects.
The investigator shared these findings on X on August 15, exposing what he believes to be a highly coordinated operation run by a single entity in Asia.
According to ZachXBT, this network employs at least 21 developers who have infiltrated over 25 crypto projects and have stolen millions of dollars from unsuspecting organizations.
The network was discovered when a team sought ZachXBT's help after $1.3 million was stolen from their treasury due to malicious code inserted by developers. The team was unaware they had hired North Korean IT workers using fake identities.
Through his investigation, ZachXBT traced multiple payment addresses linked to these developers. He found that one group of developers had received $375,000 in the last month alone, with total transactions amounting to $5.5 million.
One person connected to these transactions is Sim Hyon Sop, who has been sanctioned by the US Office of Foreign Assets Control (OFAC) for allegedly coordinating financial transfers that support North Korea's weapons programs.
ZachXBT's investigation also linked other payment addresses to another OFAC-sanctioned individual, Sang Man Kim, who is believed to have received $2 million in crypto for selling IT equipment to North Korean teams in China and Russia.
ZachXBT emphasized that several experienced teams had unknowingly hired these North Korean developers. He mentioned an incident in which another project realized it had hired a North Korean IT worker, Naoki Murano, who was listed in his findings. When the project shared ZachXBT's post in its group chat, Murano immediately left the chat and deleted his GitHub account.
The involvement of organizations linked to North Korea in cyberattacks and scams is not new. Among the most notorious groups associated with North Korea is the Lazarus Group, which laundered over $200 million in crypto through more than 25 hacks between 2020 and 2023.
ZachXBT's findings add to the growing evidence of North Korea's involvement in a complex web of cybercrime within the cryptocurrency industry.