Behind the $1.4 Billion Crypto Theft: Hacker Developer’s Computer “Packet Sniffed,” Internal Operation Details Revealed for the First Time

[Crypto World] Cybersecurity company Hudson Rock recently did something quite interesting—they stumbled upon some big news while analyzing a malware log.

Here’s what happened: While reviewing records from the LummaC2 info-stealer program, researchers noticed something unusual about one infected computer. The owner of this device? Most likely a programmer who writes malicious code for North Korea’s official hacker organization. Even more shocking, this very machine was used to set up the attack infrastructure behind the $1.4 billion theft from a major exchange earlier this February.

Digging deeper, they found that the login credentials stored on this computer matched those used to register fake exchange domains before the attack. The machine's setup showed no expense spared: it had professional development tools like Visual Studio and Enigma Protector, plus a stack of communication apps including Astrill VPN, Slack, and Telegram.

Browsing history revealed that the attacker specifically bought domains for phishing and prepared fake Zoom installers as bait. This exposure offers a rare glimpse into how these state-level hacker teams share resources and coordinate their operations. It’s now almost certain that the massive theft was orchestrated by a highly organized professional team.

ZeroRushCaptainvip
· 7h ago
Damn, this hacker dude spends money even better than I do, buying sets of professional tools, while I’m just thinking every day about how to bottom-fish with free software. With this counter-indicator out, major exchanges should hurry up and check their defenses, or else who knows who’ll be the next to lose 1.4 billion. The money North Korea makes from writing malicious code is probably more than my entire year’s trading profits... Getting packet-sniffed shows that even top-level hackers can’t escape the fate of being caught on camera. Somehow, that gives me a weird sense of comfort. This guy used Astrill VPN and still got caught, and here I am using a VPN and getting rekt every day... One chain led to half of the black market being uncovered—Hudson Rock’s investigative skills are for real, even sharper than my trading analysis.
DaoResearchervip
· 12-06 01:19
From the data performance, the traceability value of this $1.4 billion crypto theft case far exceeded expectations—Hudson Rock unintentionally captured not only the attacker’s identity, but also exposed the entire governance chain of the underground operation. It is worth noting that the detail of credentials in the LummaC2 logs being linked to counterfeit domains actually reflects a highly organized division of labor, which is strikingly similar to the permission management mechanisms of certain DAOs—both involve economic game theory around identity authentication and access control. In other words, the operation model of the North Korean hacker group is, to some extent, an illegal “attack DAO,” only with the incentive mechanism completely reversed.
GamefiGreenievip
· 12-05 15:47
Damn, this hacker is way too arrogant, directly storing login info on their own computer... Isn't this just handing over the evidence? It's really true that some people are dumb with too much money. They managed to steal 1.4 billion and still got caught like this. Is this the level of North Korean hackers? What kind of show are they putting on for us here? Hudson Rock is going to be famous now, basically cracked a major case. By the way, I can't believe this guy had such a complete set of development tools, no wonder he could write such complex malware. Seems like the internal management of North Korean hacker organizations isn't that great either, letting programmers mess around like this... But then again, being able to steal 1.4 billion does show some skill, just lacking in counter-surveillance. Looks like a bunch of coins are about to get dumped again, exchange security really is a joke.
GrayscaleArbitrageurvip
· 12-05 15:47
Damn, this hacker dude was way too careless, he actually got reverse-hacked by his own botnet. $1.4 billion, just got exposed like that? North Korea must be furious. Now this is interesting, they've directly identified the individual. Hudson Rock is basically giving off CSI vibes with this move. They really dared to spend big on setup, even used Enigma Protector, but still couldn’t avoid social death. No wonder the crypto world can’t defend against these guys, turns out this is the root cause. How does someone pull off a $1.4 billion job with such a rookie mistake? This is getting more and more ridiculous. Even used a VPN and still got caught, what does that say? There's always someone better out there. Gotta check my wallet ASAP, these people are really close by. Hudson Rock just made a comeback with this one. Where's the cybersecurity department?
bridgeOopsvip
· 12-05 15:46
Damn, did they crack the North Korean hacker’s computer? This is insane, feels like I’m watching a spy movie. By the way, this guy was using professional-grade development tools from big companies. A $1.4 billion case just got uncovered like this. They were just analyzing malware logs, and ended up catching the mastermind behind it. Hudson Rock really pulled it off this time. If this is real, the infosec community is going to explode. Are North Korean hacker group workflows really this sloppy? Gotta say, the fact that a fake exchange domain could actually match the login credentials—this hacker group’s security awareness is honestly beyond words.
RektRecordervip
· 12-05 15:31
Damn, are North Korean hackers really this bad? Writing malicious code on their own devices without even using a VPN, totally exposing themselves. 1.4 billion gone just like that? Feels like any edgy teenager could have been more discreet. Hackers and developers have such professional setups, but still got caught. What does that tell you... This is why I never touch centralized exchanges, I’m done. Fools with too much money? They actually dared to use their own computers for such a big job. Hudson Rock really did something big this time—this scoop is going to make waves for a while. Just imagine the hacker’s face when they saw the news about being exposed, haha... No matter how outrageous the method, you can’t escape being uncovered in the end—blockchain never forgets.