Close Menu
    X (Twitter)
    Blockchain Journal
    • News
      • Blockchain News
      • Bitcoin News
      • Ethereum News
      • NFT
      • DeFi News
      • Polkadot News
      • Chainlink News
      • Ripple News
      • Cardano News
      • EOS News
      • Litecoin News
      • Monero News
      • Stellar News
      • Tron News
      • Press Releases
      • Opinion
      • Sponsored
    • Price Analisys
    • Learn Crypto
    • Contact
    • bandera
    Facebook X (Twitter) Instagram
    Blockchain Journal
    Home » 31 fake North Korean developers tricked crypto firms and stole $680K

    31 fake North Korean developers tricked crypto firms and stole $680K

    0
    By ethan on September 2, 2025 Blockchain News, News
    31 fake North Korean developers tricked crypto firms and stole $680K
    Share
    Facebook Twitter LinkedIn Pinterest Email

    The mass impersonation operation accessed technical teams of several crypto firms. The operation took approximately $680,000. It used social engineering, fake identities along with on-chain obfuscation. The attack shows problems in remote hiring and access control in blockchain projects.

    1/ An unnamed source recently compromised a DPRK IT worker device which provided insights into how a small team of five ITWs operated 30+ fake identities with government IDs and purchased Upwork/LinkedIn accounts to obtain developer jobs at projects. pic.twitter.com/DEMv0GNM79

    — ZachXBT (@zachxbt) August 13, 2025

    Modus Operandi

    Operatives posed as good developers; they used fake LinkedIn profiles, code repositories, false resumes in addition to good remote interviews. After being hired or made collaborators, they used many privileges to move assets plus deploy tools. The tools helped take the funds.

    Tactics

    Social engineering and digital believability were the first methods. Accounts with fake GitHub history, proper names but also references, and videoconferences made people less suspicious. In the technical part, the attackers used scripts as well as automations to move assets fast. They took advantage of a lack of controls, such as withdrawal limits and peer review on important actions.

    31 fake North Korean developers tricked crypto firms and stole $680K

    On-chain Tracing and Cleaning Routes

    Forensic analysts found movements pointing to mixing services plus cross-chain swaps. The actions dispersed funds. Tracing allowed seeing common patterns. As an example, amounts broke into many addresses – they also used bridges to less watched networks. The tactics slow down who did it and getting money back. Cleaning routes – mixers but also cross-chain bridges worked to hinder tracking.

    Affected assets – most were ERC-20 tokens and assets on EVM networks because of their liquid state. Signs of compromise – fabricated activity in repositories, emails from personal domains, as well as a lack of two factor verification in access processes.

    Attribution and Geopolitical Context

    In similar incidents, analysis firms have linked patterns with groups from North Korea. This link rests on common tactics, techniques next to procedures, and infrastructure overlaps. Attribution needs international work plus technical proof. Many public notes speak of similarities with prior operations, rather than absolute certainty.

    Operational Recommendations for Crypto Teams

    Reducing this risk needs controls in hiring and on-chain operations. Very good identity checking for technical staff using the principle of least privilege, but also setting withdrawal limits and peer reviews for sensitive movements are basic measures. Keeping partnerships with blockchain forensic teams speeds up seeing problems as well as responding.

    The case shows that decentralization does not remove human or operational exposure. Improving hiring care and on-chain defenses is urgent – this protects funds plus keeps trust in an ecosystem. The ecosystem wants financial independence from state actors and bad controls.

    cryptocurrencies Hackers North Korea
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    ethan

    Related Posts

    Options on TRUMP, XRP and SOL suggest a possible year-end altseason, according to PowerTrade

    September 3, 20253 Mins Read

    Figure Technology seeks a $4.000M valuation in its IPO as the wave of crypto public listings grows

    September 2, 20252 Mins Read

    PUMP leads weekly winners with a 40% gain driven by Pump.fun,

    September 2, 20252 Mins Read

    Somnia activates its mainnet and launches the SOMI token after a testnet of 10 billion transactions

    September 2, 20253 Mins Read

    Chinese state-owned company issues RWA bond on Ethereum: Futian places 500M RMB in tokenized form

    September 2, 20253 Mins Read

    Ethereum will retire Holešky after the Fusaka fork: impact and steps for developers and validators

    September 2, 20253 Mins Read

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    © 2025 Blockchain Journal

    Type above and press Enter to search. Press Esc to cancel.

    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.