North Korean Hackers Stole $3.5M in Crypto: RON Ronin


How Was North Korea's IT Team's Crypto Theft Exposed?

A group of North Korean IT workers infiltrated crypto projects as developers by hiding their identities and has obtained cryptocurrencies worth 3.5 million dollars since late November. On the X platform, blockchain researcher ZachXBT shared data leaked by a hacker who seized one of the group's devices. A member known as "Jerry" and the 140-person team were earning about 1 million dollars per month. Payments were coordinated on the site luckyguys.site, which used the password "123456". Some members worked at Sobaeksu, Saenal, and Songkwang, companies sanctioned by the US OFAC. Crypto payments were converted to fiat via Payoneer and transferred to Chinese banks; the wallets show connections to North Korea that have been blacklisted by Tether. This method highlights how critical hiring checks and AML checks are in the crypto sector.

  • Total Theft: 3.5 million dollars (since November)
  • Monthly Income: ~1 million dollars
  • Team Size: 140 people

Table showing the amount of crypto brought in by employees since December 8. Source: ZachXBT

ZachXBT Leaderboard and Fake Identity Tactics

According to ZachXBT, the group maintained a leaderboard showing each employee's earnings since December 8. Jerry applied on Indeed as a full-stack developer, using Gmail and Astrill VPN, and used a fake Hong Kong invoice and Irish passport. This group, though less sophisticated than others like AppleJeus, was effective.


Jerry's job application emails. Source: ZachXBT

RON Ronin Bridge Hack and North Korea Threat

North Korea-backed hackers have stolen more than 7 billion dollars since 2009. The attacks on Bybit (1.4 billion dollars) and on the RON network's Ronin bridge (625 million dollars) stand out. The Ronin hack deeply affected the RON futures market. This new group poses a threat with similar tactics, and the industry is moving towards stricter KYC.

Frequently Asked Questions About North Korean Hackers and RON

  • How did the North Korean group receive payments? Payments were coordinated via luckyguys.site and transferred to China via Payoneer.
  • Is the RON Ronin hack related to this group? It has a similar North Korea connection; $625M was stolen and the RON ecosystem was shaken.
  • What is the total North Korean theft? More than 7 billion dollars (since 2009).

Strategy Analyst: David Kim

Macro market analysis and portfolio management

This analysis is not investment advice. Do your own research.
