An in-depth investigation has uncovered a startling revelation about North Korean IT workers infiltrating the cryptocurrency industry under the guise of foreign developers. These operatives have managed to secure nearly $17 million from various crypto startups and blockchain companies in the current year alone.
ZachXBT, a well-known blockchain investigator, has shed light on this alarming trend, highlighting how these individuals have seamlessly integrated themselves into numerous crypto projects by concealing their true identities and locations. According to ZachXBT’s findings, these North Korean operatives have taken on approximately 345 roles, potentially filling up to 920 positions within the burgeoning industry over the course of this year.
The investigator further disclosed that these IT workers from North Korea have been earning monthly salaries ranging from $3,000 to $8,000 per role, totaling an estimated payout of around $2.76 million each month.
One significant aspect highlighted by ZachXBT is the role of USDC in facilitating these illicit transactions. Many of these developers have been receiving payments through two primary crypto wallets, with substantial balances in USDC, the second-largest stablecoin by market capitalization. Moreover, funds have been traced back to Circle accounts in some instances, exposing a serious compliance loophole within the publicly listed firm.
It was also revealed that a specific address had received a transaction from a wallet previously flagged by Tether and linked to a known North Korean actor, Hyon Sop Sim. This alarming connection underscores the need for stricter regulatory oversight and enhanced compliance measures within the cryptocurrency ecosystem.
ZachXBT also uncovered key trends, indicating that many of these North Korean IT workers are associated with US-based exchanges like Coinbase and Robinhood, while platforms like MEXC are commonly utilized for money laundering activities. The rise of neobanks and fintech companies integrating stablecoins has further complicated the situation, making it easier for DPRK IT workers to convert fiat currency into cryptocurrencies.
Additionally, the investigator cautioned against hiring multiple DPRK IT workers, citing their lack of sophistication and potential negligence as detrimental factors that could jeopardize the success of crypto projects. He emphasized the importance of identifying these individuals during the recruitment process by recognizing red flags such as failed KYC attempts, reluctance to meet colleagues in person, and the use of VPNs with Russian IP addresses.
These North Korean developers often manipulate their GitHub handles, erase LinkedIn histories, and refer each other to roles within the same project to evade detection. Once inside a project, they gain access to sensitive infrastructure and smart contracts, while their time there is often marked by underperformance and frequent terminations. This highlights the urgent need for heightened vigilance and stringent measures to prevent further infiltration and safeguard the integrity of the cryptocurrency industry.