According to ZachXBT, the group of developers consists of at least 21 individuals working on over 25 crypto projects. Recently, a project that sought ZachXBT’s assistance reported a theft of $1.3 million from their budget, seemingly caused by malicious code introduced by North Korean developers who used fake identities and were unknowingly hired by the team.
Further investigation revealed that the stolen $1.3 million was laundered through a series of transactions, ultimately resulting in the transfer of 16.5 ETH to two different exchanges. ZachXBT discovered that the developers are part of a larger network involved in illicit activities.
By analyzing various payment addresses, ZachXBT found that a group of developers received $375,000 in the last month alone, with total transactions amounting to $5.5 million from July 2023 to early 2024. The funds were deposited into a cryptocurrency exchange account, reinforcing suspicions of North Korean involvement.
The investigation uncovered ties to individuals under US sanctions, such as SIM Hyun Sop, known for coordinating financial transfers to fund North Korea’s weapons program. Additionally, payment addresses were linked to San Man Kim, associated with DPRK cybercrimes.
Some developers were recruited through agencies and recommended to one another for employment. ZachXBT emphasized that while these developers may be complicit, blame should not solely rest on their shoulders. In one incident, a crypto project hired a North Korean developer named Naoki Murano, who promptly left the work chat and deleted his GitHub profile after his identity was exposed.