ZachXBT: At least 345 to 920 positions in encryption projects have been infiltrated by North Korean IT personnel since the beginning of this year

Crypto detective ZachXBT stated on X platform that its investigation found that since January 1, 2025, over $16.58 million in payments have been made to North Korean IT personnel hired as developers by various projects and companies, with an average monthly amount of $2.76 million. Calculated based on a monthly compensation of $3000-8000 per person, it is equivalent to at least 345 to 920 positions being penetrated. Among the six clusters he monitored, one cluster successfully traced 8 North Korean information technology workers working on more than 12 projects, with payment addresses and fund flows to two consolidated addresses. Through open source intelligence, it was discovered that Sandy Nguyen (@ bullishgopher) of the cluster was photographed standing next to the North Korean flag during activities in Russia. Despite a large number of intrusion indicators and research data being made public, some people still believe that this is a conspiracy theory. After communicating with relevant teams, he also discovered other suspicious situations in the cluster, such as refusing to meet offline but claiming to be in the same city, mutual job recommendations, abnormal IP addresses, changing usernames, deleting accounts, paying to the same address, and failing KYC checks.