A small team of North Korean IT workers – linked to a $ 680,000 crypto hack in June – used Google products and even rented computers to enter crypto projects, according to new leaked screenshots that came from one of the workers’ devices.
To an x Post From ZachXBT on Wednesday, Crypto Sleuth shared a rare interior to viewing the works of a North Korean hacker (DPRK). The information came from “an unnamed resource” that was able to compromise one of their devices.
Workers associated with North Korea are responsible $ 1.4 billion exploitation of the Crypto Exchange in February and sip millions from crypto protocols in recent years.
Data shows that the small team of six North Korea workers IT shares at least 31 fake identities, got everything from government IDs and phone numbers to buy LinkedIn and Upwork accounts to mask their real identity and land crypto jobs.
One of the workers allegedly interviewed for a full position of the engineer’s engineer at the Polygon Labs, while other evidence showed interview responses to which they claimed experienced NFT Marketplace Opensea and blockchain Oracle provider chainlink.
Google, Remote Working Software
Leak documents show workers in North Korea who are secured by “Blockchain Developer” and “Smart Contract Engineer” duties in Freelance platform Like upwork, then use remote access software like anydesk in Perform the work For undoubtedly employers. They also use VPNs to hide their true location.
Google Drive exports and Chrome profiles show that they have used Google tools to manage schedules, activities and budgets, which talks with the main English while using Google’s Korean-to-English translation tool.
A spreadsheet shows workers spent a combined $ 1,489.8 on the costs in May to perform their operations.
North Korean IT workers are tied to recent $ 680,000 crypto hack
North Koreans often use Payoneer to convert Fiat to crypto for their work, and one of the addresses of that purse – “0x78E1a” – is “closely tied” to The $ 680,000 exploitation At the Fan-Token Marketplace FAVRR in June 2025, Zachxbt said.
Related: Crypto crime unit with $ 250m in seizures expands Binance
At this time, ZachXBT has accused the chief project technology official, known as “Alex Hong,” along with other developers, are actually DPRK workers who do not know.
Evidence also provides an insight into their areas of curiosity. A search asked if the ERC-20 tokens could be deployed to Solana, while another seek information at the leading AI development companies in Europe.
Crypto companies have to make more appropriate diligence
Zachxbt calls on crypto and tech firms to do more lessons -home -to -house potential -noticing that many of these operations are not quite sophisticated, but the amount of applications often leads to the rent of teams to be negligent.
He added that a lack of cooperation between tech firms and freelance platforms further contributed to the problem.
Last month, the US Treasury took things into its own hands, punishing Two people and four creatures Involved in a North Korea-Run IT worker ring that has infiltrating crypto firms.
Magazine: Altcoin Season 2025 is almost here … but the rules have changed
