Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Tied projects Pep Creator Meme Matt Furie and NFT Studio Chainsaw lost about $ 1 million last week, according Zacxbt.
27. June zacxbt Reported transaction records It turned out that the attacker had confiscated control of the “replica” contract at 4:25 am UTC 18th June by transferring ownership to an externally owned address 0x9FCA.
Two hours later, the new owner downloaded the proceeds of the Mint and at 5:11 the next day he reopened the coin, released fresh NFT and threw them into open offers and moved the price of the floor to zero.
23 June The same address was taken over by three other chain saw contracts: Peplicator, Hedz and Zogz. The bad actor then repeated the cycle of mints and shock absorbers.
Zacxbt estimated combined theft at more than $ 310,000 and joined the funds to three collectible addresses: 0xf6a9, 0x7e58 and 0x58F4. Watched 2.05 Eth Payment from 0x9FCA to an exchange deposit that was converted to 5 007.91 USDT and then moved Mexc.
Subsequently, he mapped many smaller monthly deposits from unrelated projects into the same stockwriting wallet.
Two accounts of Github, “Devmad119” and “Sujitb2114”, acquainted with wallets that intersect the trail of the stolen fund.
Both accounts share indicators that zacxbt associated with North Korean IT workersIncluding the Korean language system settings, Astral VPN sessions and Asia-Rusko, despite the resumes that claim US residence.
Favrr Exploit follows the same way of paying list
The second incident emerged on June 25, when the project Token Services Frelation Services Favrr lost more than $ 680,000 on its list. Analysis on the chain combined exploitation with consolidation wallet 0x477, which received recurring payments from Pavrr Payroll address 0x1708 and 0x6412.
The Gate.io 0xab7 deposit address received part of the stolen Favrr tokens and was previously financed by a suspicious developer for “Sujitb2114”.
Favrr announced that it will return all the initial decentralized participants’ offers, cancel their Mexc list, and start a thorough audit of its code base. The project added that it will publish the new starting timeline “in the coming weeks” and recommends users to temporarily avoid trading with fraudsters.
Zacxbt said that the Chief Technology Director of Favrr, listed as Alex Hong, deleted his profile LinkedIn after exploit. Attempts to verify its working history with previous employers were unsuccessful.
The investigator plans to release summary data on wage streams into wallets linked to the same North Korean cluster and claims that basic controls of DUE diligence would mark rent.
Stolen funds from the chain saw collections remain idle, while most of the Favrr revenues have already gone gate.io and several nested services.
Zacxbt said he had not reached the teams because their direct message channels are closed and the official telegram or Discord rooms do not provide contact options.
Incidents draw attention to renewed attention The risk of “shadow hiring” In crypto projects that outsource development through GIG-Work platforms.
Investigators continue to monitor the on-seams trails and the affected community await a formal statement of furia, chain saws and favrr.
