Investigation reveals organised crypto fraud using fake IT identities.
Fraud network used job roles and crypto platforms to generate revenue
Photo Credit: Unsplash/lonely blue
A North Korean hacker unit made more than $3.5 million (roughly Rs. 3.25 crore) working as impostors through various IT jobs. This group was faking their identities and were hacking multiple crypto projects and earning around $1 million a month (roughly Rs. 93 lakh), as per documents obtained by blockchain sleuth ZachXBT via an unnamed source. The North Korean unit also forged legal documents and crypto-to-fiat conversions. This unnamed source further revealed that a DPRK IT worker called ‘Jerry' had their device compromised via infostealer, wherein the source further extracted data included IPMsg chat logs, fake identities, and browser history.
The DPRK hackers were coordinating through a website called “luckyguys.site”, using a shared password which was “123456”. The post shared by ZachXBT also revealed that some of the users on the fraudulent platform appeared to work for Sobaeksu, Saenal and Songkwang, which are sanctioned by the US Office of Foreign Assets Control. The aforementioned crypto payments were converted into fiat and then sent to Chinese bank accounts through online payment platforms such as Payoneer. It was also discovered that the hackers were using a Discord-style messaging system to report their payments back to their handlers.
The North Korean IT workers also maintained a leaderboard on this platform, which exposed how much business each crypto IT worker had brought in the organisation since December 8, 2025, with links to blockchain explorer pages showing transaction details. ZachXBT also exposed that the IT worker named Jerry also applied for various job roles, which include one in Texas and an unsent email, applying for a WordPress content and search engine optimisation role at a T-shirt company in Texas.
The IT workers also falsified their identities, as one of the IT workers, ‘Rascal' shared pictures of a billing statement using a fake name and fake address in Hong Kong. Rascal also shared a picture of an Irish passport, though it is not clear if it was used.
The North Korean IT workers group were also in the spotlight earlier this year, when data by Security researcher Taylor Manonan had claimed that North Korean IT workers have been infiltrating DeFi platforms for the past 7 years and stolen over $7 billion (roughly Rs. 65,000 crore) in crypto since 2017. The infamous Drift Protocol hack of $285 million (roughly Rs. 2,600 crore) was also pinned on one of the DPRK units.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.