Pepe Creators NFT Project Accidentally Hired a North Korean Hacker

Several NFT collections supported by Pepe creator Matt Furie suffered a massive hack after accidentally hiring a North Korean for an IT role. The same group attacked another firm, Favrr, amounting to $1 million in total losses.

Furie partnered with Chainsaw, an NFT firm that apparently hired its hacker for an IT role. Favrr employed one for its CTO, showing a concerning disregard for project security.

The Increasing Threat of North Korean Hackers

Pepe, the famous cartoon frog, is a popular subject for meme coins, but his original creator has nothing to do with them. Visual artist Matt Furie created the character around 20 years ago.

By partnering with Chainsaw to launch NFT collections, Furie attempted to finally capitalize on the growing industry, but a North Korean hack apparently crashed the project.

ZachXBT, a famous crypto sleuth, posted a comprehensive rundown of the incident. Essentially, an insider transferred the mint contract for Replicandy, one of Furie’s NFT collections, in the middle of the night.

From there, the hacker minted NFTs until the price floor reached zero. Five days later, he did it with three other collections, netting around $310,000.

The attackers had to launder their profits, leaving a breadcrumb trail of blockchain data that ZachXBT was able to trace. By studying this, he came to believe that North Koreans perpetrated the hack.

Specifically, an attacker made a fake profile to interview for an IT role with the project, a known theft tactic. From here, it was trivially easy to bypass all security.

A few days later, another company fell for the same trick. Favrr, an NFT launch platform, lost $680,000 to a hack involving the same small group of North Koreans.

This theft was much more jarring for several reasons, including the huge loss. The company hired this fake candidate to be its CTO, revealing a shocking lack of due diligence.

11/ The Favrr CTO Alex Hong has a background which appears suspicious and is likely one of the two DPRK ITWs hired. His LinkedIn was very recently deleted. I also reached out to a project he supposedly worked at but could not verify his work history.

— ZachXBT (@zachxbt) June 27, 2025

This appalling lack of security is the real problem. ZachXBT recently warned of increased North Korean activity, especially since the Lazarus Group pulled off the biggest hack in crypto history.

Crypto crime is elevated across the board right now, but these firms took next to zero precautions.

Even more damningly, Favrr is the only firm that issued a public statement. Chainsaw briefly posted a warning, which it later deleted, and Matt Furie has been silent, too.

Both also disabled their DMs on X. ZachXBT attempted to reach out to all the impacted parties but was unable to do so.