USDC Under Fire: North Korea’s IT Brigades Using Stablecoin to Evade Sanctions?

Key Insights:

• On-chain investigator ZachXBT claims USDC is the primary payment rail for DPRK IT workers, citing “high-eight-figure” transfers.
• GitHub repo by Tayvano reveals wallet trails with active USDC flows across Solana and Ethereum.
• The DOJ recently seized $7.7M in stolen crypto linked to North Korean IT fraud, heightening concerns over USDC compliance.

The leading stablecoin USDC is allegedly facing one of its biggest credibility tests yet. As the USDC issuer Circle applied for a U.S. national trust bank license, on-chain analyst ZachXBT posted fresh allegations that North Korean IT contractors are using USDC for mass payments, slipping through compliance systems undetected.

His claims weren’t just vague warnings. They referenced months of public research by Ethereum security expert Tayvano, who flagged a cluster of wallet addresses in a GitHub repo titled drpk-it-workers, with patterns of high-frequency USDC transactions, swaps, and bridges.

However, despite the allegations, Circle (CRCL) stock stayed in the green today, indicating strong confidence among investors.

What the Wallet Trails Reveal

One of the tagged wallets, CkJE52KiM5…RUK shows clear USDC inflows via Raydium and outflows to Allbridge, followed by deposits to centralized exchanges like Binance and MEXC. The movement wasn’t dormant; it suggested live routing and active laundering behavior.

These wallets aren’t confirmed to be seized or officially attributed to DPRK, but their trails closely resemble past laundering flows observed in North Korea-linked hacks such as Ronin and Harmony.

DOJ Seizures: A Parallel Threat

In June, the U.S. Department of Justice announced the seizure of $7.7 million in crypto tied to North Korean IT worker fraud.

These seizures were based on undercover operations involving fake job listings and monitoring of contractor behavior, not necessarily the same wallets flagged by Tayvano.

However, the timing and scale of the DOJ action added weight to ZachXBT’s callout, showing that enforcement is happening, but often reactively.

Munchables Exploit and Recycled Wallets

Separately, another flagged wallet 0x4890…9c97 appeared in traces linked to the $62M Munchables exploit on Blast. Funds moved rapidly via aliases like super1114 and grudev, passing through USDC and ETH routes before landing on centralized exchanges.

TRM Labs diagrams show mirrored laundering structures between these and prior state-linked exploits. This also underscores USDC’s liquidity as both a feature and vulnerability.

Circle has long branded USDC as a regulated and transparent stablecoin. But the continued flow of millions through flagged wallets without preemptive freezing or trace alerts raises questions about how robust that compliance truly is.

With Circle pushing for bank status in the U.S., regulators will likely intensify scrutiny over its KYC systems, wallet monitoring, and response speed, especially as stablecoins become a 2024 election issue.

Meanwhile, despite the recent allegations, Circle’s stock price rose more than 1% today in the early trading session and traded at $183.5. Notably, CRCL has gained notable traction since it debuted on Wall Street.

The stock of the USDC issuer has skyrocketed by more than 492% since it went public. This makes it one of the most successful stocks in history to witness a massive surge since its launch.

The post USDC Under Fire: North Korea’s IT Brigades Using Stablecoin to Evade Sanctions? appeared first on The Coin Republic.