North Korean Crypto Workers Linked to $680K Hack: Leaked Screenshots Reveal Tactics

Friday, Aug 15, 2025 7:11 am ET

A small group of North Korean IT workers has been linked to a $680,000 crypto theft in June, utilizing fake identities and hidden work to infiltrate projects. The group, consisting of six individuals, controls 31 false identities and has applied for developer roles in crypto and blockchain projects. Evidence suggests they used Google Drive, Chrome profiles, and VPNs to manage schedules and communicate. A Payoneer account linked to the group converted fiat into crypto, with activity traced to a wallet address tied to the June 2025 hack of fan-token marketplace Favrr [1].

The group’s methods include creating fraudulent LinkedIn and Upwork profiles, purchasing government IDs and phone numbers, and using remote access software and VPNs to hide their origins. One member even interviewed for a developer role at Polygon Labs, claiming experience at OpenSea and Chainlink. The team coordinated work and budgets using Google tools, spending $1,489.80 on operating costs in May [2].

The hack of Favrr, a fan-token marketplace, drained about $680,000. ZachXBT, a crypto investigator, previously alleged that Favrr’s CTO and some other developers were North Korean workers using false identities. This incident is part of a larger pattern in which North Korean hackers have stolen billions from the crypto industry, including $1.4 billion from Bybit in February [1].

ZachXBT urges technology and crypto firms to strengthen hiring checks, noting that many scams succeed due to volume and weak HR vigilance. Last month, the US Treasury sanctioned individuals and entities involved in these operations, emphasizing the need for closer cooperation between tech companies and freelance platforms to fight infiltration [2].

References:
[1] https://blockchaintechnology-news.com/news/inside-the-north-korean-crypto-worker-network-linked-to-680k-hack/
[2] https://coincodex.com/article/71497/north-korean-crypto-fraud-fake-identities-zachxbt-report/
