ZachXBT Uncovers North Korean IT Workers’ $680K Hack

Leaked data reveals North Korean hackers used 31 fake identities to steal $680K from fan-token platform Favrr.

Photo of Aurelien Sage Aurelien Sage Follow on X Send an email August 14, 2025 - 3:15 PM
15 1 minute read
Leaked data reveals North Korean IT workers linked to $680K Favrr hack
Market
  • 31 fake identities linked to North Korean hackers uncovered
  • $680K stolen from fan-token platform Favrr
  • ZachXBT exposes operation using leaked documents

In a recent exposé, on-chain sleuth ZachXBT revealed explosive details about North Korean IT workers running a cybercrime operation under the radar. According to the leaked documents he shared, the group used 31 fake freelance identities to infiltrate and steal funds from the fan-token marketplace Favrr, resulting in a loss of $680,000.

magacoinfinance

This operation is part of a larger pattern of cyber activities reportedly orchestrated by North Korean operatives to fund their nation’s regime. These findings add another layer to the growing concern around state-sponsored hacking groups targeting the crypto space.

Inside the 31 Fake Profiles Scam

The exposed data suggests that these IT workers posed as remote freelancers, cleverly building trustworthy profiles on platforms where Favrr hires its tech talent. Through these deceptive identities, they managed to access critical systems and execute the theft.

Many of these profiles were backed by stolen personal information, with fake resumes and fabricated work histories. They communicated professionally, sometimes even using Western aliases to avoid suspicion. Once inside Favrr’s system, they manipulated internal operations, bypassed checks, and withdrew large sums of crypto assets.

ZachXBT’s findings show how organized and strategic these hacks have become — no longer just brute-force attacks, but calculated infiltrations with deep planning.

Growing Concerns Over State-Backed Cyber Threats

The Favrr incident is not isolated. It follows a disturbing trend of North Korean involvement in cybercrime across the crypto sector. According to the U.S. Treasury and cybersecurity analysts, such operations fund everything from missile programs to the regime’s broader economic needs.

ZachXBT’s report serves as a wake-up call for crypto platforms relying on remote IT teams. Verification methods need to go beyond surface-level ID checks. As the crypto industry expands, so do the risks — and threats like these are only getting more sophisticated.

Read Also :

Disclaimer: The content on CoinoMedia is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency investments carry risks, and readers should conduct their own research before making any decisions. CoinoMedia is not responsible for any losses or actions taken based on the information provided.
Tags
Photo of Aurelien Sage Aurelien Sage Follow on X Send an email August 14, 2025 - 3:15 PM
15 1 minute read
Photo of Aurelien Sage

Aurelien Sage

Aurelien Sage is a blockchain enthusiast and writer, crafting insightful articles on decentralized technologies, Web3, and the future of finance. His work simplifies complex concepts, empowering readers to navigate the evolving crypto landscape with confidence.

Related Articles

Metaplanet becomes sixth-largest corporate Bitcoin holder with 18,113 BTC

Metaplanet Becomes 6th Largest Bitcoin-Holding Company

August 14, 2025 - 6:45 PM
Brett Coin price prediction, Brett Coin whales, crypto analyst, top new meme coin to invest in now, meme coin investment, blockchain development, crypto market forecast, staking rewards, presale ROI, meme coin volatility

Brett Coin Price Prediction: Clawing Toward $0.1 While Arctic Pablo Blasts Off with 12,400% ROI 

August 14, 2025 - 6:15 PM
BingX Exchange PCI DSS certification boosts fiat transaction security

BingX Exchange Earns PCI DSS v4.0.1 Certification

August 14, 2025 - 6:00 PM
CME ETH futures trading volume hits $118B in July amid Ethereum rally

CME ETH Futures Hit $118B in July Trading Surge

August 14, 2025 - 5:30 PM
Back to top button