North Korean IT Unit Exposed for Crypto Hacking Scheme

A recent leak has shed light on a North Korean IT unit that allegedly generated over $1 million per month by working as developers while attempting to hack crypto projects.

According to documents obtained by a counterhacker, the team, consisting of 140 members, made approximately $3.5 million in just a few months. The leaked data revealed the group's coordinated payments and use of fake identities.

The IT workers used a shared password, '123456,' on a website called 'luckyguys.site' to coordinate their payments. Some users on this platform appeared to work for sanctioned entities, including Sobaeksu, Saenal, and Songkwang.

These crypto payments were converted into fiat currency and sent to Chinese bank accounts via online payment platforms like Payoneer. The leaked data also linked these wallet addresses to other known North Korean wallets that were blacklisted by Tether in December.

The discovery has sparked concerns about the continued threat of North Korean-backed hackers in the crypto industry, which has seen several high-profile hacks in recent months. In addition to the $1.4 billion hack of Bybit and the $625 million Ronin bridge hack, North Korean hackers were also blamed for the $280 million hack of Drift Protocol on April 1.