Several projects affiliated with the PEPE innovator – Matt Furie – have been subject to a hacking that followed a suspected network of it includes information technology workers (IT) in North Korea, according to the security researcher Zachxbt.
Researcher Zackxbt attached this electronic attack – which has affected several projects that are not replaced (NFT) linked to the frog innovator, Bibi Matt Fiore Chainsaw, namely replication and peppletor, and $ 310,000 of these two projects were stolen alone.
A North Korea network suspected of being involved in the flight of digital currencies worth $ 680,000 and hacking of NFTs developers and teams
Zachxbt explained in an article on the X platform that the hackers managed to control the property of intelligent contracts and used them to issue new codes (NFT) (NFT), which caused the zero of affected groups.
This penetration began on June 18, 2025, when the property of a project was transferred Replicates to an external detainee account (EOA) bearing the name 0x9FCA, and the money was removed immediately after that.
The striker resumed the NFTS version the next morning and put it on sale, and a few days later – on June 23 – the same address dominated the Puplicator, Hedz and Zogz project contracts associated with Matt Furi and the chainsaw.
On the other hand, the stolen money from projects affiliated with the chainsaw platform was followed via 3 portfolios, where part of the parts of Ethereum-Eth was then transferred and transferred to the decentralized Mexc trading platform.
Zachbt noted that one of the deposit addresses on the Mexc platform had received repeated transfers – its value varied between $ 2,000 and $ 10,000 – over several months, indicating the use of the same network to penetrate several cryptographic projects.
Additional surveys have revealed that there are accounts on the GitHub platform linked to the alleged attackers, and Zachxbt indicated that one of the developers claimed his presence in the United States, but his account contexts were Korean, and he used astral VPN and worked in Asian / Russian areas, which calls for doubt that it comes from North Korea, internal registers and the links of the States of the statutes of this hypothesis.
On the other hand, Favrr came among the affected projects, losing more than $ 680,000 on June 25. One of his developers – Alex Hong – is suspected of North Korea, in particular after having been deleted his personal file on LinkedIn recently, and failed to verify his previous professional experience.
“It seems that the technical director of the FAVR project is suspect, and it is likely that he is one of the workers of information technology of the Democratic Republic of the Popular Democrat (RPDC) who were employed.” He added: “This situation is very frustrated because many project teams employ workers in North Korea without a simple verification procedure which was sufficient to prevent it.”
Zackxbt criticized the lack of transparency of Matt Furi and the chainsaw, noting that their only warning to the company has been deleted without explanation, and said that most of the stolen money with the hacked chainsaw has not yet been moved, while the favr money was washed through Gate.io and other channels.
Zachxbt also intends to publish larger statistics soon to highlight the growing proliferation of north-Korean workers suspected in the cracking sector.
The IT program of North Korea is linked to continuous breakthroughs in the world of Chipo, and the United States confiscate $ 7.7 million in washed silver
On June 6, the United States Ministry of Justice submitted an action for civil approval to reserve digital currencies worth $ 7.7 million, which represents the benefits of North Korean workers who pretended to be remote self -employed workers, because they have succeeded in obtaining work in Bluchen companies and transformed their profits – which have often been paid in North Sanctions.
The use is evolving to seize $ 7.7 million in cryptography linked to North Korean IT workers who have launched funds via independent false concerts.#Doj #Cryptoenforcement https://t.co/7iknodabl – cryptonews.com (@cryptonews) June 6, 2025
The American authorities have said that this process supports the North Korean weapons program and has been implemented using false identities, advanced money laundering strategies and false companies. In this context, one of the Sim Hyon Sop involved was appointed according to an indictment in 2023 and was known for its relationship with the North Korean Bank of Foreign Trade.
Consequently, the disclosure of these internal threats for external inventors increases, as the Lazare notorious group – and theft responsible for the flight of $ 1.4 billion on the Bybit platform in February – continues to develop its methods. Just in 2024, Pirates from North Korea stole $ 1.3 billion out of 47 separate incidents, according to Chainalysis.
Deployment of North Korean pirates "Pyangghost" Trojan pretending to be recruits Coinbase to steal cryptographic references thanks to false job interviews, part of $ 1.3 billion in campaign targeting industry progress.#NoThkoran #Coinbasehttps://t.co/cgedvs7s3j – cryptonews.com (@cryptonews) June 20, 2025
On the other hand, a new front appeared in this cyber war, which is the nasty software attacks. On June 20, Cisco Talos researchers revealed the “Pyangghost” software built in Python, which is used by the famous Azarus Chollima collection, and this software works to hide by false work interviews to install harmful programs that steal the accreditation data of the victims, mainly targeting professionals in Crepto inside India.
With North Korea which goes from force of penetration by force to social engineering and internal access, the risks encountered by startups in the field of Chipto, in particular the communities of MG and not distributable (NFTS).
According to Zachbt Red, the creator of Frog (PEPE) is exposed to a penetration of $ 1 million in a North Korea network.