- Detected Developer Network
- Theft of $1.3 Million and Money Laundering
- Connection to Sanctioned Individuals and Organizations
Blockchain investigator ZachXBT has uncovered a network of North Korean developers working on various crypto projects and earning up to $500,000 per month.
Detected Developer Network
In a post on the social network X, dated August 15, ZachXBT informed his followers that an organization in Asia, likely operating out of North Korea, is receiving $300,000 to $500,000 per month employing at least 21 developers for over 25 crypto projects. To support this claim, the investigator published a screenshot with examples of identified transactions.
Theft of $1.3 Million and Money Laundering
ZachXBT alleges this latest $1.3 million stolen by North Korean workers was laundered through a sequence of transactions, including transferring to a theft address and ending with 16.5 Ether (ETH) going to two different exchanges. Further investigation revealed that these developers are part of a much more extensive network.
Connection to Sanctioned Individuals and Organizations
ZachXBT discovered that the payment addresses are linked to Sim Hyon Sop, who was sanctioned by the Office of Foreign Assets Control (OFAC) for coordinating financial transfers that ultimately supported North Korean weapons programs. Additionally, the investigator found addresses connected to another sanctioned individual, Sang Man Kim, involved in North Korean-related cybercrime. Some developers even inadvertently revealed their other identities in notes.
The investigation revealed that organizations linked to North Korea are involved in cyberattacks and other fraudulent schemes to generate income, which is then sent back to the country. Many of these workers were hired through recruitment agencies and referred each other. The US Departments of Justice, State, and Treasury have previously warned about the influx of North Korean workers into the crypto and IT industries, working remotely for various projects.
