{"id":11726,"date":"2025-09-25T09:39:02","date_gmt":"2025-09-25T09:39:02","guid":{"rendered":"https:\/\/bitunikey.com\/news\/zachxbt-north-korean-it-workers-responsible-for-over-25-cyber-attacks-in-crypto\/"},"modified":"2025-09-25T09:39:07","modified_gmt":"2025-09-25T09:39:07","slug":"zachxbt-north-korean-it-workers-responsible-for-over-25-cyber-attacks-in-crypto","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/zachxbt-north-korean-it-workers-responsible-for-over-25-cyber-attacks-in-crypto\/","title":{"rendered":"ZachXBT: North Korean IT workers responsible for over 25 cyber attacks in crypto"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">On-chain sleuth ZachXBT claims that North Korean IT workers are responsible for at least 25 incidents of hacking and ransomware exploitations related to companies in the crypto industry.<\/p>\n<div id=\"cn-block-summary-block_9cdd77ea25a46ee2814eb61fac3233b3\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>ZachXBT claims that at least 25 attacks and exploitation incidents in the crypto sphere have been linked to North Korean IT workers.<\/li>\n<li>Many U.S. crypto firms have been warned against hiring North Korean IT workers who may be trying to gain insider access.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>In a post responding to Amjad Masad, CEO of AI coding platform Replit, blockchain investigator ZachXBT highlighted how North Korean IT workers have been responsible for a large number of crypto-related hacks and extortion schemes involving crypto firms.<\/p>\n<p>On Sept. 25, Masad shared a <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/amasad\/status\/1970937004012556390\">video<\/a> on X showing how North Korean remote workers, more often in the field of IT, used AI filters and interview cheat tools in order to get jobs in major U.S. crypto firms.<\/p>\n<p>\u201cJust learning that North Korea flooded US market with remote IT workers, not to infiltrate or spy, but to make money for the DPRK! They use AI filters and AI interview cheating tools to get jobs,\u201d said Masad in his latest post.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>ZachXBT disagreed with Masad, stating that these efforts were not harmless. A lot of North Korean IT workers that use AI to cheat interviews to get into U.S crypto companies could also be doing so with nefarious purposes in mind.<\/p>\n<p>\u201d \u201cNot to infiltrate,\u201d This is actually a common misconception. At minimum there\u2019s 25+ instances of DPRK ITWs hacking or extorting teams for funds,\u201d said ZachXBT.<\/p>\n<p>To reinforce his point, the web3 sleuth shared past research that showed multiple crypto projects have fallen victim to attacks by North Korean hacking groups that infiltrated the firm from the inside. Based on his research, there have been at least 25 cybersecurity attacks and ransomware infiltrations in the crypto industry linked to North Korean remote workers.<\/p>\n<p>\u201cGranted all of those companies were related to crypto,\u201d he added.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\">ZachXBT claims North Korean IT workers mostly use USDC<\/h2>\n<p>This is not the first time ZachXBT warned crypto firms against  North Korean IT workers. Last July, the crypto sleuth highlighted the fact that North DPRK hackers have reportedly been using USDC (USDC) to funnel millions of funds in illicit payments. The allegations surfaced as Circle filed for a national trust bank charter, which would grant it authority to manage the reserves behind USD Coin.<\/p>\n<p>The on-chain analyst criticized Circle\u2019s approach, arguing the company has failed to address the issue despite the scale and transparency of the transactions. He claimed that the stablecoin issuer has failed to take action to detect or freeze the activity.<\/p>\n<p>As more and more crypto firms and employees start to fall victim to hacks initiated by North Korean actors, more crypto figureheads have been warning the community against hiring remote workers from North Korea.<\/p>\n<p>Most recently, former <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/lnk.do\/Bnx5rBi7\">Binance<\/a> head Changpeng \u201cCZ\u201d Zhao warned the crypto community of North Korean hackers disguising themselves as prospective employees in order to infiltrate top crypto companies.<\/p>\n<p>One tactic he highlighted was the use of fake job applications, where operatives would pose as candidates for roles at crypto firms, specifically roles related to development, security, and finance, in order to gain insider access.<\/p>\n<p>Another strategy he warned about was how they would often masquerade as recruiters, approaching existing employees under the guise of representing rival companies. According to CZ, during early interview stages these actors frequently claim there is a technical issue with Zoom, then they would ask potential victims to download a malicious \u201cupdate\u201d via a shared link.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>On-chain sleuth ZachXBT claims that North Korean IT workers are responsible for at least 25 incidents of hacking and ransomware exploitations related to companies in the crypto industry. Summary ZachXBT&hellip;<\/p>\n","protected":false},"author":1,"featured_media":11551,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11726","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/11726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=11726"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/11726\/revisions"}],"predecessor-version":[{"id":11727,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/11726\/revisions\/11727"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/11551"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=11726"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=11726"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=11726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}