ZachXBT reveals North Korea's IT team using fake identities and cross-border accounts to launder over $3.5 million in crypto assets

MeNews · 2026-04-08T17:40:18+00:00

According to on-chain detective ZachXBT, a North Korean IT professional's device was infected with malware, resulting in the leak of approximately 390 accounts and chat records. The North Korean IT team used forged identities to transfer cryptocurrencies to specific wallets and exchanged fiat currency across multiple platforms, collecting over $3.5 million since November 2025.

MeNews

2026-04-08 17:40:18

Abstract generation in progress

ME News message, on April 8 (UTC+8), according to blockchain sleuth ZachXBT, a North Korean IT professional’s device was infected with malware; its internal payment server data was leaked, involving about 390 accounts, chat logs, and encrypted transactions. The leaked data shows that the North Korean IT team reported earnings through the internal platform luckyguys.site, using large numbers of forged identities and fake legal documents to transfer cryptocurrency from exchanges or other services into a wallet controlled by an administrator account “PC-1234”, and then exchange it for fiat currency through Chinese bank accounts and platforms such as Payoneer. Since November 2025, the related addresses have received over $3.5 million, and one Tron address was frozen by Tether in December 2025. ZachXBT also released the network’s organizational structure, payment details, and some publicly verifiable addresses. (Source: PANews)

TRX0.69%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.