A small group of North Korean IT operatives tied to a $680,000 crypto hack in June, has been caught using Google products, rented computers, and false identities to infiltrate blockchain projects, according to leaked device screenshots. Crypto investigator ZachXBT revealed the findings Wednesday on X, citing an anonymous source who managed to access one of the workers’ devices. The evidence provides a rare inside view of the tactics used by a team that has collectively siphoned millions from the crypto industry, including a $1.4 billion hack on exchange Bybit in February . Fake Identities and Covert Job Applications The leak indicates that six operatives shared at least 31 fabricated identities, complete with forged government documents, phone numbers, and purchased accounts on LinkedIn and UpWork. These profiles helped them secure positions such as “blockchain developer” and “smart contract engineer” for unsuspecting employers. In one case, a worker applied for a full-stack engineer role at Polygon Labs. Other files showed pre-written interview answers falsely claiming experience with OpenSea and Chainlink. Once hired, the group reportedly used remote-access tools like AnyDesk and VPNs to conceal their true locations. The operation appeared well-structured. Google Drive exports, Chrome profiles, and translation tools were used to coordinate schedules, tasks, and budgets in English. A spreadsheet revealed that the group’s combined expenses in May totaled $1,489.80 — funding their infrastructure for ongoing infiltration efforts. From Favrr Hack to Sanctions One of the team’s known wallet addresses, “0x78e1a,” is linked to the $680,000 hack on fan-token marketplace Favrr in June. At the time, ZachXBT alleged that Favrr’s CTO, known as “Alex Hong,” and several developers were actually DPRK workers operating under false identities. The leaked data also hinted at their ongoing research interests, including whether ERC-20 tokens could be deployed on Solana and identifying top AI companies in Europe. ZachXBT urged crypto and tech firms to strengthen hiring due diligence , warning that while these schemes are not always technically advanced, their scale and persistence make them effective. He also pointed to a lack of collaboration between tech companies and freelance platforms as a key vulnerability. In July, the U.S. Treasury sanctioned two individuals and four entities tied to North Korea’s IT worker operations. The post North Korean IT Workers Linked to $680K Crypto Hack: Details appeared first on TheCoinrise.com .
