ZachXBT reveals North Korea's IT team using fake identities and cross-border accounts to launder over $3.5 million in crypto assets

MeNews · 2026-04-08T19:00:18+00:00

According to on-chain detective ZachXBT, a North Korean IT professional's device was infected with malware, resulting in the leak of approximately 390 accounts and chat records. The North Korean IT team used forged identities to transfer cryptocurrencies to specific wallets and exchanged fiat currency across multiple platforms, collecting over $3.5 million since November 2025.

MeNews

2026-04-08 19:00:18

Abstract generation in progress

ME News update: On April 8 (UTC+8), according to on-chain sleuth ZachXBT, a North Korean IT professional’s devices were infected with malware, leading to leaked data from internal payment servers. The leak involves approximately 390 accounts, chat records, and encrypted transactions. The leaked data shows that the North Korean IT team reported income through the internal platform luckyguys.site, using large numbers of forged identities and fake legal documents to transfer cryptocurrency from exchanges or other services into a wallet controlled by an administrator account “PC-1234,” and then converting it into fiat currency via China Bank accounts and platforms such as Payoneer. Since November 2025, the related addresses have received more than $3.5 million, and one Tron address was frozen by Tether in December 2025. ZachXBT also published the network’s organizational structure, payment breakdowns, and some publicly verifiable addresses. (Source: PANews)

TRX0,73%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.