North Korean IT workers used 30+ fake IDs to target crypto companies: report
The post North Korean IT workers used 30+ fake IDs to target crypto companies: report appeared on BitcoinEthereumNews.com.
A compromised device from a North Korean IT worker has exposed the inner workings of the team behind the $680,000 Favrr hack and their use of Google tools to target crypto projects. Summary A compromised device belonging to a North Korean IT worker exposed the inner workings of threat actors. Evidence shows operatives used Google powered tools, AnyDesk, and VPNs to infiltrate crypto firms. According to on-chain sleuth ZachXBT, the trail began with an unnamed source who gained access to one of the workers’ computers, uncovering screenshots, Google Drive exports, and Chrome profiles that pulled back the curtain on how the operatives planned and carried out their schemes. Drawing on wallet activity and matching digital fingerprints, ZachXBT verified the source material and tied the group’s cryptocurrency dealings to the June 2025 exploit of the fan-token marketplace Favrr. One wallet address, “0x78e1a,” showed direct links to stolen funds from the incident. Inside the operation The compromised device showed that the small team — six members in total — shared at least 31 fake identities. To land blockchain development jobs, they amassed government-issued IDs and phone numbers, even buying LinkedIn and Upwork accounts to complete their cover. An interview script found on the device showed them boasting of experience at well-known blockchain firms, including Polygon Labs, OpenSea, and Chainlink. Google tools were central to their organized workflow. The threat actors were found to be using drive spreadsheets to track budgets and schedules, while Google Translate bridged the language gap between Korean and English. Among the information pulled from the device was a spreadsheet that showed IT workers were renting computers and paying for VPN access to buy fresh accounts for their operations. The team also relied on remote access tools such as AnyDesk, allowing them to control client systems without revealing their…
Filed under: News - @ August 14, 2025 8:27 am