ZachXBT: North Korean IT workers responsible for over 25 cyber attacks in crypto

On-chain sleuth ZachXBT claims that North Korean IT workers are responsible for at least 25 incidents of hacking and ransomware exploitations related to companies in the crypto industry.

In a post responding to Amjad Masad, CEO of AI coding platform Replit, blockchain investigator ZachXBT highlighted how North Korean IT workers have been responsible for a large number of crypto-related hacks and extortion schemes involving crypto firms.

On Sept. 25, Masad shared a video on X showing how North Korean remote workers, more often in the field of IT, used AI filters and interview cheat tools in order to get jobs in major U.S. crypto firms.

“Just learning that North Korea flooded US market with remote IT workers, not to infiltrate or spy, but to make money for the DPRK! They use AI filters and AI interview cheating tools to get jobs,” said Masad in his latest post.

ZachXBT disagreed with Masad, stating that these efforts were not harmless. A lot of North Korean IT workers that use AI to cheat interviews to get into U.S crypto companies could also be doing so with nefarious purposes in mind.

” “Not to infiltrate,” This is actually a common misconception. At minimum there’s 25+ instances of DPRK ITWs hacking or extorting teams for funds,” said ZachXBT.

To reinforce his point, the web3 sleuth shared past research that showed multiple crypto projects have fallen victim to attacks by North Korean hacking groups that infiltrated the firm from the inside. Based on his research, there have been at least 25 cybersecurity attacks and ransomware infiltrations in the crypto industry linked to North Korean remote workers.

“Granted all of those companies were related to crypto,” he added.

ZachXBT claims North Korean IT workers mostly use USDC

This is not the first time ZachXBT warned crypto firms against North Korean IT workers. Last July, the crypto sleuth highlighted the fact that North DPRK hackers have reportedly been using USDC ( USDC ) to funnel millions of funds in illicit payments. The allegations surfaced as Circle filed for a national trust bank charter, which would grant it authority to manage the reserves behind USD Coin.

The on-chain analyst criticized Circle’s approach, arguing the company has failed to address the issue despite the scale and transparency of the transactions. He claimed that the stablecoin issuer has failed to take action to detect or freeze the activity.

As more and more crypto firms and employees start to fall victim to hacks initiated by North Korean actors, more crypto figureheads have been warning the community against hiring remote workers from North Korea.

Most recently, former Binance head Changpeng “CZ” Zhao warned the crypto community of North Korean hackers disguising themselves as prospective employees in order to infiltrate top crypto companies.

One tactic he highlighted was the use of fake job applications, where operatives would pose as candidates for roles at crypto firms, specifically roles related to development, security, and finance, in order to gain insider access.

Another strategy he warned about was how they would often masquerade as recruiters, approaching existing employees under the guise of representing rival companies. According to CZ, during early interview stages these actors frequently claim there is a technical issue with Zoom, then they would ask potential victims to download a malicious “update” via a shared link.