EddieJayonCrypto

 17 Aug 24

tl;dr

Blockchain investigator ZachXBT has uncovered a scheme involving North Korean developers who allegedly stole $1.3 million from a project's treasury by injecting malicious code. The stolen funds were transferred through various crypto platforms and mixed using Tornado Cash to obscure the transaction ...

Blockchain investigator ZachXBT has uncovered a scheme involving North Korean developers who allegedly stole $1.3 million from a project's treasury by injecting malicious code. The stolen funds were transferred through various crypto platforms and mixed using Tornado Cash to obscure the transaction trails.

ZachXBT's investigation revealed that North Korean IT workers infiltrated over 25 crypto projects, possibly earning $300,000 to $500,000 monthly. The investigation also linked the theft to an individual sanctioned by the US Office of Foreign Assets Control.

ZachXBT explained on X that the stolen funds were initially sent to a theft address and bridged from Solana to Ethereum through the deBridge platform. The funds, 50.2 ETH, were deposited into Tornado Cash, a crypto mixer that obscures transaction trails. After that, 16.5 ETH was transferred to two exchanges.

According to ZachXBT, since June 2024, North Korean IT workers have infiltrated over 25 crypto projects using multiple payment addresses. He noted that there could be a single entity in Asia, likely based in North Korea, receiving between $300,000 to $500,000 each month while employing at least 21 workers across different crypto projects.

Further analysis noted that before this case, $5.5 million had been funneled into an exchange deposit address tied to payments made to North Korean IT workers from July 2023 to July 2024. These payments were linked to Sim Hyon Sop, an individual sanctioned by the US Office of Foreign Assets Control (OFAC).

ZachXBT’s investigation looked deeper into the several errors and unusual patterns made by the malicious actors. There were IP overlaps between developers allegedly based in the US and Malaysia and accidental leaks of alternate identities during recorded sessions.

Meanwhile, groups linked to North Korea have long been associated with cybercrime. Their tactics often include phishing schemes, exploiting software vulnerabilities, unauthorized system access, private key theft, and even infiltrating organizations in person. One of its most infamous organizations, Lazarus Group, allegedly stole over $3 billion in crypto assets from 2017 to 2023.

Disclaimer

The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.
 14 Nov 24
 14 Nov 24
 14 Nov 24