
Leaked Files Reveal North Korean Hackers with 30+ Fake Identities in Crypto Job Scam

2h ago

The post Leaked Files Reveal North Korean Hackers with 30+ Fake Identities in Crypto Job Scam appeared first on Coinpedia Fintech News

A sophisticated cyber operation is quietly infiltrating remote tech jobs worldwide. 

Blockchain investigator ZachXBT uncovered a major leak from a DPRK IT worker’s device showing a small team of five managing 30+ fake identities, using government IDs and purchased Upwork/LinkedIn accounts to obtain developer jobs at projects. They also claimed experience at top blockchain companies like Polygon Labs, OpenSea, and Chainlink.

Inside the DPRK Remote Job Operation

The spreadsheets reveal how DPRK IT workers operated, including weekly reports, expense tracking, and meeting schedules. 

Their expenses show purchases of SSNs, Upwork and LinkedIn accounts, phone numbers, AI tools, rented computers, and VPNs or proxies.

Wallet Linked to $680K Favrr Exploit

Notably, one wallet was linked to multiple payments and the $680K Favrr exploit in June 2025, where DPRK IT workers acted as CTO and developers using fraudulent documents. Additional operatives were connected to other projects through this same wallet address.

Leaked Google Drive files, Chrome profiles, and device screenshots revealed that they managed schedules, tasks, and budgets mostly in English. Telegram chats show how they coordinated to land jobs, handle payments, and route salaries through crypto wallets.

One of the key signs pointing to North Korea was their use of Google Translate into Korean during searches, sometimes routed through Russian IP addresses.

DPRK IT Workers Flood Remote Jobs

ZachXBT points out that the biggest challenge in stopping DPRK IT workers is poor coordination between companies and security services, along with recruitment teams who often ignore or resist warnings.

These IT workers are not especially sophisticated, but they are persistent, flooding the global job market for remote developer roles, and they commonly use Payoneer to convert regular payments into crypto.

North Korea’s Crypto Crime Network

North Korea’s cyber theft operations are massive and growing. In January, operatives stole $2.2M, and in June, authorities seized over $7.7M linked to fake remote job schemes. 

North Korean hackers are tricking people with fake IT job offers to access cloud systems and steal crypto. Since 2020, these campaigns have targeted major crypto platforms, contributing to massive thefts such as Axie Infinity’s $620M breach, DMM Bitcoin’s $305M hack, and Bybit’s $1.5B heist.

Experts estimate that North Korea has stolen $1.6B in crypto so far in 2025, accounting for 35% of all stolen crypto last year, and they are showing no signs of slowing down. 
