ZachXBT: A North Korean IT team laundered over $3.5 million in crypto assets using fake identities and cross-border accounts.
CoinFeed reported on April 8th that, according to blockchain detective ZachXBT, a North Korean IT worker's device was infected with a Trojan, which led to data leaking from its internal payment server. The leaked data covers approximately 390 accounts, chat logs, and encrypted transactions. It shows that the North Korean IT team reported income through the internal platform luckyguys.site and used numerous forged identities and fake legal documents to transfer cryptocurrency from exchanges or other services to a wallet controlled by the administrator account "PC-1234," then exchanged it for fiat currency through Chinese bank accounts and platforms such as Payoneer. Since November 2025, the relevant addresses have received over $3.5 million, and one of the Tron addresses was frozen by Tether in December 2025.