Gate News update. On April 8, on-chain investigator ZachXBT revealed that an anonymous source shared data stolen from internal North Korean payment servers, covering 390 accounts, chat logs, and information on cryptocurrency transactions. From the end of November 2025 to the present, the related payment wallet addresses have received more than $3.5 million in total. The funds were routed out via a certain CEX or exchanged through platforms such as Payoneer into fiat currency, which was then deposited into bank accounts in China. On-chain tracking shows that the internal payment addresses are linked to a known North Korean IT worker cluster, and one Tron payment address was frozen by Tether in December 2025. Among the user list, three associated companies have been sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), including Sobaeksu. ZachXBT has compiled a complete organizational structure chart, with data scope covering from December 2025 to February 2026.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
