TechFlow News, April 8: According to ZachXBT, an anonymous source has shared data stolen from an internal payment server in North Korea, covering 390 accounts, chat logs, and cryptocurrency transaction records. Since late November 2025, the associated payment wallet addresses have received over $3.5 million, with funds subsequently withdrawn via exchanges or converted into fiat currency through platforms such as Payoneer and deposited into Chinese bank accounts.
On-chain tracking reveals that these internal payment addresses are linked to known North Korean IT worker clusters; one Tron-based payment address was frozen by Tether in December 2025. Three companies appearing on the user list—including Sobaeksu—have been sanctioned by the U.S. Office of Foreign Assets Control (OFAC). ZachXBT has compiled a complete organizational chart, with the dataset spanning December 2025 to February 2026.
