North Korean Fake IT Workers Get Counter-Hacked

A small team of North Korea information technology workers – associated with a $ 680,000 encoding in June – uses Google products and even renting computers to infiltrate encryption projects, according to newly leaked screenshots from a worker.

In the X Publishing of Zachbt on Wednesday, Crypto Sleuth shared a rare interior look at the North Korean infiltrators (DPRK). The information came from an “unveiled source” who was able to bargain with one of their devices.

North Korea’s workers were responsible for using $ 1.4 billion of Bitbit Crypto Exchange in February, and they made millions of encryption protocols over the years.

The data indicates that the small team of six information technology workers in North Korea shares at least 31 fake identity, and got everything from government identity and phone numbers to buy LinkedIn and UpWork accounts to hide their true identities and land coding functions.

One of the workers is supposed to have an interview with the position of a full engineer in Polygon Labs, while other evidence showed responses to the text interview in which they invited experience in Nft Marketplace and Blockchain Oracle Procider.

*A fake list of identities participating in the fraud in North Korea. source:* *Zachbt*

Google, a remote work program

Documents that were leaked show that North Korea information workers have received “Blockchain” and “smart contract engineer” on independent platforms such as UpWork, then use remote access programs such as Anydesk to implement the work of the owners of reassuring work. They also use VPNS to hide their real location.

Google Drive exports and Chrome files show that they use Google tools to manage tables, tasks and budgets, and communicate mainly in English while using the Korean translation tool to English from Google.

The spreadsheet shows that workers spent $ 1,489.8 on expenses in May to carry out their operations.

*Interview/preparation notes, which are likely to be referred to during the interview. source:* *Zachbt*

North Korea information technology workers are associated with Crypto’s penetration of $ 680,000

North Koreans are often used to convert FIAT to Crypto for their work, and one of the wallet addresses-“0 x78E1A”-“closely linked” with the exploitation of $ 680,000 in Marketplace Favrr in June 2025.

Related to: Crime crime unit with $ 250 million in seizures expands with Binance

At that time, Zachxbt claimed that the chief technology official in the project, known as “Alex Hong”, along with other developers, were actually DPRK workers in camouflage.

Evidence also provides an insight into the curiosity areas. Someone asked whether the ERC-20 distinctive symbols could be published on Solana, while another sought to get information about the best artificial intelligence development companies in Europe.

The encryption companies need to do more due care

Zachxbt called for encryption and technology companies to carry out more homework in potential descriptions – noting that many of these operations are not very developed, but the volume of applications often leads to employing teams that have become neglect.

He added that the lack of cooperation between technology companies and independent platforms contributes to this problem.

Last month, the US Treasury took matters in its hands, and offered two people and four entities involved in encrypted companies in North Korea’s information technology.

magazine: Altcoin 2025 season is almost here … but the rules have changed