A recent investigation has revealed a complex network of North Korean developers potentially earning substantial incomes from established cryptocurrency projects. Notably, this network is believed to be controlled by a single entity operating out of Asia, possibly North Korea, employing over 21 individuals for more than 25 crypto projects. Reports suggest that this organization is generating monthly revenue ranging from $300,000 to $500,000.
Evidence emerged when a team approached an investigator after discovering that $1.3 million had been misappropriated from their treasury. The investigation revealed that they had unwittingly hired several IT workers from North Korea who were utilizing fake identities to conceal their backgrounds. The stolen funds were reportedly funneled through a series of transactions, ultimately leading to 16.5 Ether being transferred to two different cryptocurrency exchanges.
As the investigator delved deeper, it became evident that these developers were part of a broader, more intricate network. Analysis of various payment addresses indicated that a group of developers received approximately $375,000 in the last month alone, with cumulative transactions reaching $5.5 million from July 2023 to early 2024, all linked to an exchange deposit address associated with North Korean IT workers.
The investigation highlighted connections to individuals under U.S. sanctions, including Sim Hyon Sop, who has been implicated in managing financial transactions that reportedly support North Korea’s weapons development initiatives. Another sanctioned figure, Sang Man Kim, was also identified, with authorities believing he plays a role in compensating the families of overseas North Korean tech workers.
Significantly, the investigation also uncovered signs of Russian IP addresses overlapping with developers claiming to reside in the U.S. and Malaysia. Some developers were even placed by recruitment agencies and had referred each other for various assignments.
The infiltration of North Korean labor into the tech sector has become a growing concern, especially following advisories issued by U.S. authorities regarding the risks associated with hiring overseas tech workers in the cryptocurrency space. The notorious Lazarus Group, linked to North Korea, has been implicated in stealing over $3 billion in cryptocurrency assets in recent years, further emphasizing the threat posed by this network.