1/ An unnamed source recently compromised a DPRK IT worker device...

ZachXBT@zachxbt
4 views
Aug 13, 2025
~2 min read
8
8/ The 0x78e1 address is closely tied onchain to the recent $680K Favrr exploit from June 2025 where their CTO and other devs turned out to be DPRK ITWs with fraudulent documents.
Additional DPRK ITWs were identified at projects from the 0x78e1 address.
x.com/zachxbt/status…
Additional DPRK ITWs were identified at projects from the 0x78e1 address.
x.com/zachxbt/status…
11
11/ The main challenge faced in fighting DPRK ITWs at companies include the lack of collaboration between services and the private sector.
There’s also the negligence by the teams hiring them who become combative when alerted.
ITWs are in no way sophisticated but are persistent since there’s so many flooding the job market globally for roles.
Payoneer is commonly being used to convert fiat into crypto from dev work.
I have already covered multiple times on indicators of what to look out for so I will not repeat those again.
There’s also the negligence by the teams hiring them who become combative when alerted.
ITWs are in no way sophisticated but are persistent since there’s so many flooding the job market globally for roles.
Payoneer is commonly being used to convert fiat into crypto from dev work.
I have already covered multiple times on indicators of what to look out for so I will not repeat those again.



















