Pepe creator Matt Furie was hacked after accidentally hiring North Korean hackers during the processing of several Non-Fungible Token collections. The same group is estimated to have caused losses of around 1 million dollars by attacking another company, Favrr.
Furie collaborated with the Non-Fungible Token company Chainsaw, which is known to have hired the problematic North Korean hackers. Another company, Favrr, even hired these hackers as a CTO.
Increasing North Korean Hacker Threats
Pepe is a famous cartoon frog and a popular topic for meme coins. However, its original creator is not related to this. Visual artist Matt Furie created this character about 20 years ago.
Furie was trying to earn revenue in the growing industry by releasing a Non-Fungible Token collection with Chainsaw. However, the North Korean hacking seems to have destroyed the project.
The famous cryptocurrency detective ZachXBT posted a comprehensive overview of the incident. Essentially, the damage occurred because an insider transferred the Mint contract for Replicandy, one of Furie's Non-Fungible Token collections, in the middle of the night.
Afterward, the hackers Minted Non-Fungible Tokens until the price floor reached zero. Five days later, they did the same with three other collections, earning about $310,000.
The attackers then went through a process of laundering the cryptocurrency, leaving traces of blockchain data that ZachXBT could track. After researching, he believed the hackers were North Koreans.
Specifically, the attackers created fake profiles to be interviewed and hired as project developers. This is a known theft tactic. From there, bypassing all security was very easy.
A few days later, another company fell for the same trick. The Non-Fungible Token launch platform Favrr lost $680,000 in a hack related to the same small North Korean group.
This theft was shocking for several reasons. The company hired this fake candidate as CTO, revealing a shocking lack of investigation.
11/ The Favrr CTO Alex Hong has a background which appears suspicious and is likely one of the two DPRK ITWs hired.
โ ZachXBT (@zachxbt) June 27, 2025
His LinkedIn was very recently deleted.
I also reached out to a project he supposedly worked at but could not verify his work history. pic.twitter.com/aIKb3f63BO
This terrible lack of security is the real problem. ZachXBT recently warned that North Korea's cryptocurrency hacking activities are actively increasing. This trend has become stronger since the Lazarus Group successfully carried out the largest hack in cryptocurrency history.
While cryptocurrency crime is generally increasing, these companies have taken almost no preventive measures.
More blameworthy is that Favrr is the only company to issue a public statement. Chainsaw posted a brief warning before later deleting it, and Matt Furie remains silent.
Both have disabled DMs on X. ZachXBT attempted to contact all victims but failed.
