Learn how a North Korean group used 31 fake identities to infiltrate crypto firms and steal $680,000 from Favrr. Inside their tools, tactics and deception.
In a twist worthy of a cyber‑thriller, a group posing as blockchain developers pulled off a $680,000 heist on fan token marketplace Favrr in June 2025, only to be unmasked when one of their own devices was counter‑hacked.
What emerged was startling: Six North Korean operatives had at least 31 fake identities. They carried forged government IDs, phone numbers and fabricated LinkedIn and Upwork profiles. Some even posed as talent from Polygon Labs, OpenSea and Chainlink to infiltrate the crypto industry.
