Favrr

#Favrr • 2025-06

🇬🇮 Gibraltar

On June 25, 2025, Favrr’s FAVRR token DEX listing was exploited, with blockchain analysis estimating more than $680,000 stolen from the Web3 project. The analysis linked the loss to payroll and wallet flows involving suspected DPRK IT workers hired as developers, including consolidation wallets and a Gate deposit address tied to the suspected exploiter.

Related Actors

Famous Chollima

Crowd Strike

Formerly tracked by CrowdStrike Intelligence as the BadClone activity cluster, FAMOUS CHOLLIMA has been active since at least 2018. The adversary primarily conducts operations to illicitly obtain freelance or full-time equivalent (FTE) work to earn a salary that can be funneled to North Korea. The adversary has also deployed the custom malware families BeaverTail and InvisibleFerret

Famous Chollima Adversary Profile
First seen: 2024-08 • Last seen: 2026-06

Related Reports

2025-08-13
Zach XBT
#ITWorker #Favrr
2025-06-28
Zach XBT
#ITWorker #Favrr #ChainSaw
« Back