
Crypto firms paid $2.7M monthly to North Korean workers

By Aggregated - see source on July 2, 2025 Scams

An on-chain investigation has revealed that North Korean IT workers posing as foreign developers have earned nearly $17 million from crypto startups and blockchain companies this year.

The findings, revealed by prominent blockchain investigator ZachXBT, show that these individuals have successfully integrated into dozens of crypto projects by concealing their identities and locations.

According to ZachXBT, these North Korean operatives filled around 345 roles and potentially up to 920 positions in the emerging industry this year alone.

North Korean IT Workers Transaction Trail (Source: ZachXBT)

The investigator noted that their monthly earnings for each role typically ranged between $3,000 and $8,000, bringing the estimated payout to around $2.76 million monthly.

USDC’s role

ZachXBT reported that many of these developers received payments through two main crypto wallets, many of which held balances in USDC, the second-largest stablecoin by market cap.

He also pointed out that funds were sent directly from Circle accounts in several cases, highlighting a serious vulnerability in the publicly listed firm’s compliance oversight.

Notably, one address had only one transaction sent from a wallet previously blacklisted by Tether and linked to known North Korean actor Hyon Sop Sim.

North Korean IT Workers Transactions (Source: ZachXBT)

Considering this, ZachXBT stated:

“I think it’s misleading Circle markets themselves as the most compliant stablecoin that puts security first when they do not have proper channels to report illicit activity and do not engage in incident response during major exploits.”

Key trends uncovered

One key observation ZachXBT made is the misconception that US exchanges have stricter KYC/AML requirements compared to offshore platforms.

According to him, many of these IT workers (ITWs) are tied to US exchanges like Coinbase and Robinhood, while MEXC remains a popular platform for laundering funds.

He wrote:

“A few years ago Binance was widely used by ITWs but now it is rare due to improvements in detection and private industry collaboration that lead to seizures.”

Meanwhile, the blockchain investigator also noted that the rise of neobanks and fintech companies that integrate stablecoins has made it easier for DPRK ITWs to convert fiat into crypto, further complicating the issue.

Finally, ZachXBT warned that hiring multiple DPRK ITWs is often a strong indicator that a project will struggle.

According to him, these workers are usually hired due to their low cost, but their lack of sophistication and the teams’ negligence can lead to disastrous results for crypto startups.

How to identify North Korean IT Workers

Considering this, ZachXBT explained that the North Korean developers could be identified during hiring processes as they often exhibit suspicious behavior.

Some of the common red flags he identified include failed KYC attempts, refusal to meet colleagues in person despite claiming to live nearby, and shared usage of VPNs with Russian IP addresses.

He also noted that these individuals refer one another to roles within the same project, alter their GitHub handles, and erase LinkedIn histories to avoid detection.

The investigation revealed that once inside a project, these workers often gain access to smart contracts and sensitive infrastructure. Their performance tends to be poor, leading to frequent terminations, but the damage is usually done by the time they’re let go.

He wrote:

“They typically take on multiple roles at once and frequently get fired due to underperformance so turnover is high. Once they infiltrate a team and take ownership of contracts your project becomes at risk of an incident.”
