Blockchain Sleuth Claims DPRK Unit Made $1 Million a Month Posing as Crypto IT Workers

Investigation reveals organised crypto fraud using fake IT identities.

Advertisement
Written by Rahul Dhingra, Edited by David Delima | Updated: 9 April 2026 16:01 IST
Highlights
  • Hackers used fake identities to secure remote IT jobs
  • Shared platform tracked earnings and crypto transactions
  • Funds routed through payment platforms to bank accounts

Fraud network used job roles and crypto platforms to generate revenue

Photo Credit: Unsplash/lonely blue

A North Korean hacker unit made more than $3.5 million (roughly Rs. 3.25 crore) working as impostors through various IT jobs. This group was faking their identities and were hacking multiple crypto projects and earning around $1 million a month (roughly Rs. 93 lakh), as per documents obtained by blockchain sleuth ZachXBT via an unnamed source. The North Korean unit also forged legal documents and crypto-to-fiat conversions. This unnamed source further revealed that a DPRK IT worker called ‘Jerry' had their device compromised via infostealer, wherein the source further extracted data included IPMsg chat logs, fake identities, and browser history.

Fake IT Roles and Coordinated Platforms Used in Crypto Fraud

The DPRK hackers were coordinating through a website called “luckyguys.site”, using a shared password which was “123456”. The post shared by ZachXBT also revealed that some of the users on the fraudulent platform appeared to work for Sobaeksu, Saenal and Songkwang, which are sanctioned by the US Office of Foreign Assets Control. The aforementioned crypto payments were converted into fiat and then sent to Chinese bank accounts through online payment platforms such as Payoneer. It was also discovered that the hackers were using a Discord-style messaging system to report their payments back to their handlers. 

Advertisement

The North Korean IT workers also maintained a leaderboard on this platform, which exposed how much business each crypto IT worker had brought in the organisation since December 8, 2025, with links to blockchain explorer pages showing transaction details. ZachXBT also exposed that the IT worker named Jerry also applied for various job roles, which include one in Texas and an unsent email, applying for a WordPress content and search engine optimisation role at a T-shirt company in Texas. 

The IT workers also falsified their identities, as one of the IT workers, ‘Rascal' shared pictures of a billing statement using a fake name and fake address in Hong Kong. Rascal also shared a picture of an Irish passport, though it is not clear if it was used. 

Advertisement

The North Korean IT workers group were also in the spotlight earlier this year, when data by Security researcher Taylor Manonan had claimed that North Korean IT workers have been infiltrating DeFi platforms for the past 7 years and stolen over $7 billion (roughly Rs. 65,000 crore) in crypto since 2017. The infamous Drift Protocol hack of $285 million (roughly Rs. 2,600 crore) was also pinned on one of the DPRK units. 

Cryptocurrency is an unregulated digital currency, not a legal tender and subject to market risks. The information provided in the article is not intended to be and does not constitute financial advice, trading advice or any other advice or recommendation of any sort offered or endorsed by NDTV. NDTV shall not be responsible for any loss arising from any investment based on any perceived recommendation, forecast or any other information contained in the article.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Moto G77 Power With a 7,000mAh Battery Arrives in India at This Price
  2. Samsung Galaxy M67 Makes Geekbench Debut With This Chipset
  3. Samsung Galaxy A57 5G Battery Test: mAh vs Real-World Usage
  4. JioTV Pro Pack With 30 Days Validity Launched in India at This Price
  1. Huawei Working on Smaller Version of Flagship MatePad Pro Max Tablet, Tipster Claims
  2. Jio Launches Rs. 55 JioTV Pro Pack in India With Access to Over 1,000 Live TV Channels
  3. Realme Narzo 100x 5G India Debut Confirmed, New Listing Appears on Realme's Website
  4. MiCA-Compliant Euro Stablecoins' Market Cap Grew By 128 Percent Ahead of EU Deadline: Report
  5. Samsung Galaxy M67 Pops Up on Geekbench With Exynos Chip, Android 17
  6. Noise REP Band Launched in India With Screenless Design, Up to 10 Days Battery: Price, Features
  7. Nubia to Launch New AI-Powered Smartphone at World Artificial Intelligence Conference 2026
  8. Vivo X500 Pro Mini Leak Reveals 2nm MediaTek Dimensity Chip, 7,000mAh Battery and More
  9. Meta's Muse Image Uses Content From Public Instagram Accounts for AI-Generated Images
  10. Samsung Galaxy A18 Appears in Leaked CAD Renders That Suggest It Will Resemble Its Predecessor From the Front
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.