Pepe Creator’s NFT Projects Lose $1 Million in North Korean Hacker Contract Exploits

27.06.2025 22:36

Several NFT collections associated with Matt Furie, the original creator of Pepe the Frog, suffered major losses totaling around $1 million due to contract takeover exploits attributed to a North Korean hacker group. The attacks targeted Furie’s partnership with NFT studio ChainSaw, as well as another project called Favrr, which lost approximately $680,000. The hacker gained entry through deceptive recruitment, posing as IT candidates, and then transferred ownership of key NFT contracts to their own addresses. They then minted large amounts of NFTs and dumped them, driving floor prices down to zero, and subsequently laundered the proceeds through multiple exchanges.

On June 18, the attacker took control of the ‘Replicandy’ contract linked to Furie’s NFT collections, swiftly withdrawing mint proceeds and initiating a mint-and-dump cycle. Similar takeovers occurred on three other collections: Peplicator, Hedz, and Zogz. The total theft from these ChainSaw-linked projects is estimated at about $310,000.

Favrr, another NFT and freelance services token project, suffered a separate attack on June 25, losing over $680,000. Its CTO, identified as Alex Hong, has since deleted his LinkedIn profile, and attempts to verify his credentials were unsuccessful. Favrr announced it will refund affected participants, cancel its MEXC listing, and perform a comprehensive code audit.

The North Korean hacker group used fake profiles to get hired, bypassing security checks. Researcher ZachXBT traced the hacker’s activities through blockchain data and noted consistent indicators pointing to North Korean IT workers, such as language and time zone metadata. The incidents highlight significant security failings in NFT project hiring practices and increased crypto-crime risks from well-organized North Korean threat actors, including the Lazarus Group.

Both ChainSaw and Furie have remained largely silent since the attacks, with limited public responses and disabled communication channels. The breaches underscore vulnerabilities inherent in “shadow hiring” practices at crypto and NFT projects that outsource work via gig platforms.