A Disclosure by Blockchain Expert ZachXBT Reveals North Korea’s Covert Crypto Activities
Recently, blockchain researcher ZachXBT unveiled an organized group of North Korean programmers linked to the cryptocurrency space.
These programmers, working in digital assets, allegedly make between $300,000 and $500,000 a month.
Exposure of a Cryptocurrency Scam in North Korea
On the 15th of August, ZachXBT shared his discoveries, indicating that a single entity in Asia, potentially associated with North Korea, manages this operation.
This group comprises 21 developers overseeing more than 25 crypto initiatives, showcasing a substantial hidden influence within the global crypto sector.
Adding more insights, ZachXBT mentioned,
“Unknown to their employers, they had recruited multiple IT professionals from North Korea who assumed false identities. I uncovered over 25 ongoing crypto projects involving these developers, active since June 2024.”
Unveiling the Fraudulent Process
Confirming the money laundering process, ZachXBT described how $1.3 million was funneled into a fraudulent address and moved from Solana [SOL] to Ethereum [ETH], with 50.2 ETH channeled into Tornado Cash, followed by the transfer of 16.5 ETH across two exchanges.
By tracking the payment destinations used by the 21 developers, ZachXBT pinpointed a cluster of recent transactions totaling around $375,000 in the past month, exposing a complex web of financial activities.
Key Players Involved
Prior to these recent transactions, $5.5 million was deposited into an exchange address that received payments for North Korean IT workers from July 2023 to 2024.
The investigation disclosed ties to Sim Hyon Sop, an individual currently sanctioned by the Office of Foreign Assets Control (OFAC).
Moreover, several payment destinations linked to these developers were also associated with Sang Man Kim, a figure sanctioned by the U.S. due to his involvement in cyber activities related to North Korea.
Kim is suspected of overseeing cyber funds for North Korea and facilitating IT transactions to North Korean teams based in China and Russia.
Furthermore, recruitment agencies placed some of the identified developers, who occasionally referred one another for various positions.
“Numerous experienced teams have engaged these developers, hence it’s unjust to solely hold them accountable.”
A Deeper Dive
The situation became peculiar when Naoki Murano, a North Korean IT specialist highlighted in ZachXBT’s inquiry, hastily exited the chat and deleted his GitHub profile upon exposure.
Murano’s swift action implies a concern about being associated with the network and an effort to minimize his online footprint.