Fake IT Hires Loot $1M from NFT Platforms in Growing Crypto Threat
Web3 projects exploited in minting scheme as attackers blend into teams and siphon funds through laundering networks.
Cybercriminals Infiltrate NFT Startups Disguised as Tech Insiders
A fresh wave of cyberattacks has rocked the Web3 community, with hackers posing as IT staff stealing over $1 million in crypto assets by infiltrating NFT and blockchain projects, according to cybersecurity analyst ZackXBT.
In a statement posted on X (formerly Twitter) last Friday, ZackXBT detailed how the attackers embedded themselves within Web3 teams and exploited minting systems across platforms like Favrr, Replicandy, and ChainSaw, among others.
Tracing the funds from the exploit. Source: ZackXBT
The attackers used their access to mint large volumes of NFTs, sold them en masse, and triggered a collapse in project value by driving floor prices to zero, draining liquidity while walking away with profits.
Following the heist, stolen funds were swiftly routed through crypto exchanges and nested wallets to obscure the money trail. ZackXBT noted that ChainSaw’s stolen funds remain mostly dormant, whereas funds siphoned from Favrr were already funneled through layering services — an indication of a laundering attempt.
This method mirrors a larger trend: internal infiltration of Web3 projects by malicious developers exploiting the remote work environment of blockchain teams. These schemes allow bad actors to gain trust and system access under false pretenses.
Global Pattern of Insider Attacks Emerges
The tactics echo a broader cybersecurity issue. In November 2024, analysts uncovered a North Korean-linked hacking syndicate known as Ruby Sleet infiltrating U.S. defense and aerospace contractors. These operatives used social engineering, fake recruitment programs, and even remote IT job postings to breach networks.
More recently, Coinbase disclosed in May 2025 that it had suffered a data breach impacting 69,461 users, stemming from an inside job. Third-party customer service contractors were bribed to leak sensitive data — including user names, phone numbers, and addresses — for an attempted ransom.
As cybercrime continues to evolve, experts warn that internal vectors like fake IT hires are becoming a critical weak point for crypto startups and established exchanges alike.
Rhapsody of Realities is a life guide that brings you a fresh perspective from God’s Word every day. It features the day’s topic, a theme scripture, the day’s message, the daily confession and the Bible reading plan segment. It is God's Love Letter to You!
