North Korean Crypto Workers Linked to $680K Hack: Leaked Screenshots Reveal Tactics
PorAinvest
viernes, 15 de agosto de 2025, 7:11 am ET1 min de lectura
LINK--
The group’s methods include creating fraudulent LinkedIn and Upwork profiles, purchasing government IDs and phone numbers, and using remote access software and VPNs to hide their origins. One member even interviewed for a developer role at Polygon Labs, claiming experience at OpenSea and Chainlink. The team coordinated work and budgets using Google tools, spending $1,489.80 on operating costs in May [2].
The hack of Favrr, a fan-token marketplace, drained about $680,000. ZachXBT, a crypto investigator, previously alleged that Favrr’s CTO and some other developers were North Korean workers using false identities. This incident is part of a larger pattern where North Korean hackers have stolen billions from the crypto industry, including $1.4 billion from Bitbit in February [1].
ZachXBT urges technology and crypto firms to strengthen hiring checks, noting that many scams succeed due to volume and weak HR vigilance. Last month, the US Treasury sanctioned individuals and entities involved in these operations, emphasizing the need for closer cooperation between tech companies and freelance platforms to fight infiltration [2].
References:
[1] https://blockchaintechnology-news.com/news/inside-the-north-korean-crypto-worker-network-linked-to-680k-hack/
[2] https://coincodex.com/article/71497/north-korean-crypto-fraud-fake-identities-zachxbt-report/
A small group of North Korean IT workers has been linked to a $680,000 crypto theft in June, using fake identities and hidden work to infiltrate projects. The group of six controls 31 false identities and has applied for developer roles in crypto and blockchain projects. Evidence suggests they used Google Drive, Chrome profiles, and VPNs to manage schedules and communicate. A Payoneer account linked to the group converted fiat into crypto, with activity traced to a wallet address tied to the June 2025 hack of fan-token marketplace Favrr.
A small group of North Korean IT workers has been linked to a $680,000 crypto theft in June, utilizing fake identities and hidden work to infiltrate projects. The group, consisting of six individuals, controls 31 false identities and has applied for developer roles in crypto and blockchain projects. Evidence suggests they used Google Drive, Chrome profiles, and VPNs to manage schedules and communicate. A Payoneer account linked to the group converted fiat into crypto, with activity traced to a wallet address tied to the June 2025 hack of fan-token marketplace Favrr [1].The group’s methods include creating fraudulent LinkedIn and Upwork profiles, purchasing government IDs and phone numbers, and using remote access software and VPNs to hide their origins. One member even interviewed for a developer role at Polygon Labs, claiming experience at OpenSea and Chainlink. The team coordinated work and budgets using Google tools, spending $1,489.80 on operating costs in May [2].
The hack of Favrr, a fan-token marketplace, drained about $680,000. ZachXBT, a crypto investigator, previously alleged that Favrr’s CTO and some other developers were North Korean workers using false identities. This incident is part of a larger pattern where North Korean hackers have stolen billions from the crypto industry, including $1.4 billion from Bitbit in February [1].
ZachXBT urges technology and crypto firms to strengthen hiring checks, noting that many scams succeed due to volume and weak HR vigilance. Last month, the US Treasury sanctioned individuals and entities involved in these operations, emphasizing the need for closer cooperation between tech companies and freelance platforms to fight infiltration [2].
References:
[1] https://blockchaintechnology-news.com/news/inside-the-north-korean-crypto-worker-network-linked-to-680k-hack/
[2] https://coincodex.com/article/71497/north-korean-crypto-fraud-fake-identities-zachxbt-report/
Divulgación editorial y transparencia de la IA: Ainvest News utiliza tecnología avanzada de Modelos de Lenguaje Largo (LLM) para sintetizar y analizar datos de mercado en tiempo real. Para garantizar los más altos estándares de integridad, cada artículo se somete a un riguroso proceso de verificación con participación humana.
Mientras la IA asiste en el procesamiento de datos y la redacción inicial, un miembro editorial profesional de Ainvest revisa, verifica y aprueba de forma independiente todo el contenido para garantizar su precisión y cumplimiento con los estándares editoriales de Ainvest Fintech Inc. Esta supervisión humana está diseñada para mitigar las alucinaciones de la IA y garantizar el contexto financiero.
Advertencia sobre inversiones: Este contenido se proporciona únicamente con fines informativos y no constituye asesoramiento profesional de inversión, legal o financiero. Los mercados conllevan riesgos inherentes. Se recomienda a los usuarios que realicen una investigación independiente o consulten a un asesor financiero certificado antes de tomar cualquier decisión. Ainvest Fintech Inc. se exime de toda responsabilidad por las acciones tomadas con base en esta información. ¿Encontró un error? Reportar un problema
SOBRE NOSOTROS
Nuestra historiaAutores de noticiasBase de conocimientosPolítica de privacidadTérmino de usoDescargo de responsabilidad de corretaje de tercerosTérminos de uso de AIMEDivulgaciones de riesgos de AInvest AICarrerasCONTÁCTENOS
Email: support@ainvest.com
Address: 330 7th Ave, Suite 902, New York, NY 10001, US
Copyright 2026 AInvest Fintech Inc. All rights reserved.
Comentarios
Aún no hay comentarios