ZachXBT Exposes 5 North Korean Workers Running 30+ Fake Identities to Target Crypto Projects

Key Points

1. Five North Korean IT workers created more than 30 fake identities using government-issued IDs and purchased professional accounts on Upwork and LinkedIn to secure jobs in crypto projects.

2. An anonymous source breached a DPRK IT worker's device, revealing data such as Google Drive exports, Chrome browser history, and expense spreadsheets detailing purchases for their deception.

3. The operatives used ERC-20 wallet addresses for salary deposits, with one address (0x78e1) linked to a $680,000 exploit on Favrr, confirming their involvement.

4. Evidence of their North Korean origin included fraudulent documentation, browser history showing Russian IP usage, and access to GitHub repositories.

5. The scheme involved requesting job-seekers to deposit stablecoins like USDT and USDC into designated crypto accounts, with U.S. authorities seizing $7.7 million in crypto linked to similar North Korean IT operations.