Blockchain investigator ZachXBT has exposed North Korean IT workers using Circle’s USDC stablecoin to funnel tens of millions in illicit payments. The on-chain sleuth accused the stablecoin company of turning a blind eye to a scheme that was part of a broader sanctions-evasion tactic, despite claiming regulatory compliance.
North Korea’s Deceptive IT Network Exposed
The controversy erupted when ZachXBT, a prominent on-chain sleuth, posted today on X, alleging that North Korean IT workers are exploiting USDC to receive payments for illegal work. The workers, posing as legitimate tech professionals, infiltrate global companies using fake identities, often bypassing security checks with forged documents.
ZachXBT highlighted transactions worth “high eight figures,” accusing Circle of failing to monitor or freeze these funds despite its compliance claims. North Korean IT workers, linked to the regime’s Reconnaissance General Bureau and the notorious Lazarus Group, have a history of such schemes. Since at least 2017, they have infiltrated more than 25 crypto projects, siphoning millions to fund Pyongyang’s weapons programs, according to ZachXBT and U.S. authorities.
ZachXBT Criticizes Circle’s Inaction
Circle, the issuer of USDC, has faced criticism for its apparent inaction. ZachXBT claims the company, which went public in June 2025 (NASDAQ: CRCL), profits from transaction fees while ignoring illicit flows, even as it seeks a U.S. banking license. Past incidents reveal that the Lazarus Group, North Korea’s cyber-arm, has stolen over $5 billion in crypto since 2017, including $200 million laundered into stablecoins like USDC between 2020 and 2023.
Circle’s delays in blacklisting funds, sometimes by months compared to rivals like Tether, have drawn scrutiny, especially after a 2024 hack linked to Lazarus stole $20 million from Indodax. These patterns highlight North Korea’s expertise in exploiting crypto for sanctions evasion, funding everything from nuclear programs to cyberattacks like the 2014 Sony Pictures hack.
The urgency of ZachXBT’s accusations was amplified by the February 2025 Bybit hack, where North Korea’s Lazarus Group stole $1.4 billion in crypto—the largest heist in crypto history. The FBI identified the culprits as “TraderTraitor” actors, who laundered funds across thousands of wallets, underscoring the ongoing threat. As North Korea continues to exploit crypto vulnerabilities, the industry faces mounting pressure to strengthen oversight.
