Crypto Scam Uncovered: Fake IDs Used by IT Workers to Infiltrate Blockchain Projects


A recent investigation by crypto detective ZachXBT has exposed a sophisticated scam involving North Korean IT workers using fake identities to infiltrate the cryptocurrency industry. The scam has resulted in the theft of millions of dollars and highlights the growing risks in the rapidly expanding field of blockchain development.

$1.3 Million Stolen from Crypto Project Treasury

The investigation began when a team approached ZachXBT for help after $1.3 million was stolen from their treasury. The theft occurred after malicious code was inserted into their system by developers the team had unknowingly hired, who turned out to be multiple North Korean IT workers. These workers used fake identities to secure their positions, making it difficult for the team to detect the threat.

Tracing the Laundering Path

ZachXBT was able to trace the stolen funds, revealing a complex laundering process. The $1.3 million was first transferred to a theft address and then bridged from Solana to Ethereum via deBridge. From there, 50.2 ETH was deposited into Tornado Cash, a cryptocurrency mixing service that obscures transaction details and makes funds difficult to trace. Finally, 16.5 ETH was transferred to two exchanges.

The detective also uncovered that the same group of developers has been connected to over 25 crypto projects since June 2024, with a recent batch of payments totaling approximately $375,000 over the last month.

Links to OFAC-Sanctioned Individuals

Further investigation revealed that $5.5 million had flowed into an exchange deposit address tied to payments received by the North Korean IT workers from July 2023 to 2024. These payments were connected to Sim Hyon Sop, an individual sanctioned by the U.S. Office of Foreign Assets Control (OFAC).

The use of multiple payment addresses allowed ZachXBT to map out a cluster of related transactions, exposing a broader network of fraudulent activities. The investigation even uncovered humorous yet alarming details, such as overlapping IP addresses between developers claiming to be in the U.S. and Malaysia, and a recorded video where a developer accidentally revealed multiple identities on a notepad.

Suggestions for Crypto Project Teams to Protect Themselves

ZachXBT offered several indicators that teams can use to protect themselves from falling victim to such scams. These include being wary of developers who refer to each other for roles, paying attention to inconsistencies in resumes or GitHub activity, and asking specific questions about locations developers claim to be from. Teams should also review logs regularly, be cautious of developers who use popular NFT profile pictures, and be aware of potential language or accent inconsistencies.
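
One way to act on the log-review and overlapping-IP indicators above, as an added example that is not from ZachXBT's investigation or the original article: it groups access-log entries by source IP and flags any IP used by accounts that claim different countries. The log format, account names, claimed countries and IP addresses are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: contractor accounts and the country each one claims.
CLAIMED_COUNTRY = {
    "dev_alice": "US",
    "dev_bob": "MY",
    "dev_carol": "US",
    "dev_dan": "DE",
}

# Constructed access-log lines: "<ISO timestamp> <account> <source IP> <action>".
# The IPs come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-08-01T09:12:44Z dev_alice 203.0.113.10 git-push
2024-08-01T09:40:02Z dev_bob 203.0.113.10 git-push
2024-08-02T11:05:19Z dev_carol 198.51.100.7 vpn-login
2024-08-02T13:22:51Z dev_dan 192.0.2.55 vpn-login
2024-08-03T08:01:07Z dev_alice 198.51.100.7 vpn-login
malformed line without enough fields
"""


def parse_log(text):
    """Yield (account, ip) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, account, ip, _action = parts
        yield account, ip


def shared_ip_findings(log_text, claimed_country):
    """Return {ip: {account: country}} for IPs used by accounts claiming different countries."""
    accounts_by_ip = defaultdict(set)
    for account, ip in parse_log(log_text):
        accounts_by_ip[ip].add(account)
    findings = {}
    for ip, accounts in accounts_by_ip.items():
        # Accounts with no recorded claim are treated as their own "UNKNOWN" location.
        countries = {a: claimed_country.get(a, "UNKNOWN") for a in accounts}
        if len(accounts) > 1 and len(set(countries.values())) > 1:
            findings[ip] = countries
    return findings


if __name__ == "__main__":
    for ip, accts in sorted(shared_ip_findings(SAMPLE_LOG, CLAIMED_COUNTRY).items()):
        print(ip, "shared by", ", ".join(f"{a} ({c})" for a, c in sorted(accts.items())))
```

A shared IP among accounts claiming the same country (here `198.51.100.7`) is not flagged, since a common office or VPN egress would explain it; a hit is a prompt for follow-up questions, not proof of a fake identity.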

The discovery of a single entity in Asia receiving between $300,000 and $500,000 per month from working on 25+ projects using fake identities is a clear indication of the scale of this threat.

This incident highlights the need for stronger identity verification processes and increased awareness within the crypto community to protect against the growing risks posed by fake IDs and fraudulent developers.
