On April 8, blockchain investigator ZachXBT revealed that an anonymous source had obtained data from an internal North Korean payment server. The leak includes 390 accounts, chat logs, and cryptocurrency transaction records, exposing a highly organized scam network generating around $1 million in monthly volume.
How the Scam Network Operates
The data shows a structured operation involving fake identities, forged legal documents, and multi-channel fund transfers. Participants often pose as remote IT workers, gaining trust before executing fraud or theft. The standardized workflow highlights a mature and scalable system.
Weak Internal Security Exposed
The organization relied on an internal platform similar to a messaging tool for reporting and payments. However, the system kept the default password “123456” for an extended period, significantly weakening its security. User data included roles, locations, and organizational groupings, offering deep insights into the network’s structure.
Crypto-to-Fiat Conversion Methods
Funds typically move from crypto exchanges to external wallets, then through banking channels or payment platforms for fiat conversion. Administrators confirm receipt and issue credentials, ensuring controlled yet obscured fund flows.
Organized Structure and Global Coordination
The leak reveals a clear hierarchy, including payment distribution across teams and operational roles. Members also use tools to bypass internet restrictions and collaborate via global communication platforms, indicating a coordinated international effort.
Detecting Such Threats with On-Chain Monitoring
This case highlights how crypto fraud has evolved into organized, system-level operations. Traditional defenses are no longer sufficient.
Trustformer KYT enables real-time transaction monitoring and behavioral analysis, helping organizations detect suspicious fund flows and linkages between risky addresses. By integrating Trustformer KYT, platforms can gain visibility into complex laundering patterns and respond proactively.
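As an added example (not from the original article and not Trustformer's implementation), the Python code below shows one basic form of address-linkage detection: a hop-limited search downstream of an already flagged address, following the exchange, external wallet, off-ramp pattern described above. All addresses, amounts and function names are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, receiver, amount); all labels are made up.
TRANSFERS = [
    ("exchange_hot", "wallet_A", 5000.0),
    ("wallet_A", "wallet_B", 4900.0),
    ("wallet_B", "offramp_deposit_1", 4800.0),
    ("payroll_co", "wallet_C", 3000.0),
    ("wallet_C", "offramp_deposit_2", 2900.0),
    ("wallet_B", "wallet_B", 10.0),  # self-transfer, must not cause a loop
]
RISKY = {"wallet_A"}  # hypothetical address already attributed to the network


def hops_from_risky(transfers, risky, max_hops=3):
    """Breadth-first search downstream of risky addresses.

    Returns {address: (hops, path)} for every address reachable within
    max_hops transfers, keeping the shortest path found.
    """
    graph = defaultdict(set)
    for src, dst, _amount in transfers:
        graph[src].add(dst)
    seen = {addr: (0, [addr]) for addr in risky}
    queue = deque(sorted(risky))
    while queue:
        addr = queue.popleft()
        hops, path = seen[addr]
        if hops == max_hops:
            continue  # do not expand beyond the hop budget
        for nxt in sorted(graph[addr]):
            if nxt not in seen:
                seen[nxt] = (hops + 1, path + [nxt])
                queue.append(nxt)
    return seen


def flag_deposits(transfers, risky, watched, max_hops=3):
    """Return {deposit: (hops, path)} for watched addresses linked to risky ones."""
    reach = hops_from_risky(transfers, risky, max_hops)
    return {a: reach[a] for a in sorted(watched) if a in reach}


if __name__ == "__main__":
    watched = {"offramp_deposit_1", "offramp_deposit_2"}
    for addr, (hops, path) in flag_deposits(TRANSFERS, RISKY, watched).items():
        print(f"ALERT {addr}: {hops} hop(s) via {' -> '.join(path)}")
```

The hop limit trades coverage for noise: a larger `max_hops` follows longer chains of intermediary wallets but also flags more unrelated addresses.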
A New Era of Crypto Security Challenges
As scam networks grow more sophisticated, risks extend beyond technical vulnerabilities to operational and organizational layers. From identity fraud to cross-border fund movement, the threat landscape is rapidly evolving.
This leak serves as a critical warning: only through continuous monitoring and advanced analytics can the industry effectively counter large-scale, organized crypto crime.