On-chain investigator ZachXBT intercepted payments made directly to North Korean IT workers. The salaries suggest that more crypto projects will be exposed to potential hacks from within their own teams, or to bugs and backdoors introduced into smart contracts.
A new investigation by ZachXBT calculated a significant payroll for IT workers revealed to be DPRK agents. Project teams have hired international IT workers who are often hidden behind fake profiles. A set of profiles used to infiltrate blockchain, Web3 and DeFi projects has now been published.
ZachXBT has discovered $16.58 million in payments since January 2025, pointing to hundreds of jobs in crypto projects.
1/ My recent research has found payments of over $16.58 million since January 1, 2025. It sent $276 million a month to North Korean IT workers who were hired as developers of various projects and businesses.
To put this in mind, the range of payments means 3k-8k per month: 3k-8k… pic.twitter.com/pjhzg9wj4r
– Zachxbt (@zachxbt) July 2, 2025
The intercepted addresses and payments suggest that some IT workers used disguised identities and false locations. The disclosure of additional wallets and identities came after the US Department of Justice cracked down on recent IT worker schemes targeting US companies.
Risks include disclosure and theft of sensitive information, as well as crypto theft, attacks on tokens and draining of liquidity.
ZachXBT's discovery follows the recent doxxing of a DPRK IT worker who created a meme token or joined an existing meme token team. Other investigations uncovered attempts to pose as a civil engineer or to seek roles as an interior designer. Fake teams often use AI as a research tool and to disguise their identities.
North Korean IT teams exposed by volunteer investigations
For some, North Korean hackers on crypto teams are still a conspiracy theory. Most recent discoveries are the result of OSINT efforts, real-life tracking and doxxing.
ZachXBT also relies on wallet monitoring and often connects known IT workers with prominent social media profiles based on wallet links to known DPRK hacker wallet clusters. ZachXBT warned that North Korean IT workers are also infiltrating traditional high-tech companies, but crypto projects can often make tracking easier, especially when pay is stranded.
For now, ZachXBT has not announced the names of the crypto projects most affected by the hackers. Previously, even established protocols like Waves have reportedly had smart contracts breached because they hired unvetted IT workers.
North Korean IT workers also pose as crypto influencers
At the beginning of June, investigators also pointed out that some well-known crypto influencers linked to older meme and NFT projects were also connected to the suspicious wallet cluster. Some of the addresses observed by ZachXBT were flagged as connected to the FAVVR NFT project.
DPRK hackers often don't stay on projects long, but their involvement is dangerous even in short stints. They can play multiple roles in a project, including holding access to multi-sig wallets and other key responsibilities. Because crypto projects run audits months or years apart, some DeFi platforms, meme tokens and other apps may retain hidden risks of exploits.
ZachXBT also points out that not only are most of the hackers drawn to MEXC, they also appear on US-based exchanges such as Robinhood and Coinbase. Binance, one of the most widely used markets, is unsuitable for them due to its track record of freezing funds and supporting authorities. North Korean IT workers often rely on USDC, but try to hide their transactions because stablecoins can be frozen.