The projects related to the creator of the same Pepe Matt Furie and the NFT Studio Chainsaw lost about $ 1 million for contractual takeover exploits last week, according to the ZachxBT channel investigator.
June 27, Zachxbt Transaction records reported showing that the attacker took control of the “replica” contract at 4:25 pm UTC on June 18 by transferring the property to the external owned address 0x9fca.
Two hours later, the new owner withdrew the mint product and, at 5:11 a.m. the next day, reopened the mint, issued fresh NFT and threw them into open offers, pushing the price of the soil to zero.
On June 23, the same address resumed three additional chainsaw contracts: Peplicator, Hedz and Zogz. The bad actor then repeated the cycle of the mint and the attempt.
Zachxbt estimated the flight combined at more than $ 310,000 and linked the funds to three collector addresses: 0xf6a9, 0x7e58 and 0x58f4. He drew a payment of 2.05 ETH from 0x9FCA to an exchange deposit which converted to 5,007.91 USDT and was then transferred to Mexc.
He later mapped many smaller monthly deposits of unrelated projects in the same exchange portfolio.
Two GitHub accounts, “Devmad119” and “Sujitb2114”, list the portfolios which cross the track of the FLOOD Fund.
The two accounts share indicators according to which Zachxbt associated with North Korean IT workers, including the parameters of the Korean linguistic system, astral VPN sessions and time zones in Asia-Russian, despite curriculum vitae which claim the American residence.
Avour feat follows the same pay path
A second incident has surfaced on June 25, when the freelance token services project Favrr lost more than $ 680,000 after its list on a Dex. The chain analysis linked the feat to the consolidation portfolio 0x477, which received the recurring payments of the FAVRR payroll addresses 0x1708 and 0x6412.
The Gate.io 0xab7 deposit address received part of the Favrr stolen tokens and has already been funded by the alleged developer behind “Sujitb2114”.
FAVRR has announced that it would reimburse all participants to offer to initial participants, to cancel its Mexc list and launch an in -depth audit of its code base. The project added that it will publish a new launching calendar “in the coming weeks” and advised users to avoid negotiating impostor tokens in the interval.
Zachxbt reported that Favrr technology director, listed like Alex Hong, deleted his Linkedin profile after the feat. Attempts to verify its professional history with previous employers failed.
The investigator plans to publish aggregated data on payroll flows to portfolios linked to the same North Korean cluster, saying that basic reasonable diligence checks have reported the hires.
The stolen funds from the chainsaw collections remain inactive, while most favrr profits have already passed through Gate.io and several nested services.
Zachxbt said he had not reached teams because their direct messages are closed and the official telegram or discord rooms do not provide contact options.
The incidents draw the renewed attention to the risks of “hiring of the shadow” in cryptographic projects that subcontract development via gig-work platforms.
Investigators continue to follow the chain trails and affected communities await official statements in Furie, the chainsaw and the favrr.
