Recent hacks targeting projects linked to Pepe the Frog creator Matt Furie, along with Iranian crypto exchange Nobitex exploit, reveal complex schemes and potential DPRK involvement.

Matt Furie, Hacking, and DPRK: A Tangled Web in the Web3 World
The crypto world moves fast, and sometimes it takes unexpected turns. Recently, the intersection of meme culture, NFT projects, and alleged North Korean cyber activity has created a particularly bizarre and concerning narrative. Let’s dive in.
The Replicandy Debacle and the Matt Furie Connection
Matt Furie, the artist behind the iconic Pepe the Frog meme, hasn't had the best luck lately with his NFT ventures. His 'Replicandy' collection, launched in June, suffered a major blow when a hacker exploited a vulnerability, minting thousands of new NFTs and tanking the floor price by a staggering 97%. Ouch.
But it gets weirder. Blockchain investigator ZachXBT uncovered a potential link between the Replicandy exploit and a broader hacking campaign, pointing fingers at... North Korea.
DPRK IT Workers and the Web3 Infiltration
ZachXBT's investigation suggests that North Korean IT workers, likely hired unknowingly as developers, may be behind the attacks on Replicandy, as well as other projects like Favrr, Hedz and Zogz. The attacker gained control of the key contracts and initiated a second token issuance and dumped them into the liquidity pool, causing a sharp collapse in the floor price.
The Favrr project, a Web3 marketplace, experienced a similar exploit, with over $680,000 siphoned off. Funds were traced to addresses associated with potential payments to DPRK IT specialists. GitHub profiles with suspicious activity – Korean language settings, VPN usage, mismatched time zones – further fueled the suspicion.
On-Chain Evidence and the Nobitex Hack
The investigation revealed a network of addresses used to consolidate and route funds to centralized exchanges, with some flows indicating a persistent compensation system for the alleged ITW group. Also, Iranian cryptocurrency exchange Nobitex suffered a breach, with onchain data revealing that around $82 million was siphoned from its reserves. A hacker collective calling itself Predatory Sparrow has claimed responsibility for the coordinated hit on the centralized exchange (CEX).
Why This Matters
This situation highlights the growing threat of sophisticated cyberattacks targeting the Web3 space. With more money flowing into crypto, it's becoming an increasingly attractive target for malicious actors, including nation-state-backed groups. The alleged involvement of North Korean hackers demonstrates a systemic approach to infiltrating projects by posing as developers. So, the web3 builders must be extremely vigilant when designing security architectures, and calls users to exercise maximum caution.
Final Thoughts
From Pepe memes to potential North Korean hacking rings, the crypto world is never short on surprises. It's a wild, wild west out there, folks. So buckle up, stay vigilant, and maybe double-check who you're hiring as a developer. You never know where they might actually be logging in from!