ChainSaw

#ChainSaw • 2025-06

🇦🇺 Australia

#Cryptocurrency #FinancialGain

On June 18 and June 23, 2025, Matt Furie and ChainSaw-linked NFT projects including Replicandy, Peplicator, Hedz, and Zogz were exploited after contract ownership was transferred to attacker-controlled wallet 0x9Fca. The attacker unpaused mints, minted NFTs, and sold into bids, driving floor prices to zero and stealing an estimated $310,000-plus; the same blockchain analysis linked the activity to suspected DPRK IT workers hired into Web3 developer roles.

1

Related Reports
1

Affected Countries
12

Months Since

Related Actors

Famous Chollima

Crowd Strike

Formerly tracked by CrowdStrike Intelligence as the BadClone activity cluster, FAMOUS CHOLLIMA has been active since at least 2018. The adversary primarily conducts operations to illicitly obtain freelance or full-time equivalent (FTE) work to earn a salary that can be funneled to North Korea. The adversary has also deployed the custom malware families BeaverTail and InvisibleFerret

Famous Chollima Adversary Profile

First seen: 2024-08 • Last seen: 2026-06

Related Reports

2025-06-28

Zach XBT

Multiple projects tied to Pepe creator Matt Furie & ChainSaw as well as another project Favrr were exploited

#ITWorker #Favrr #ChainSaw

« Back