Circle is not as compliant as imagined: Zach reveals that tens of millions of USD in USDC become a money laundering tool for North Korean criminals.

On-chain detective ZachXBT recently revealed an investigation that shattered the regulatory compliance myth of stablecoin USDC issuer Circle. He pointed out that over $16.58 million in illicit funds have been paid to North Korean information technology workers via USDC this year alone, penetrating hundreds of cryptocurrency or startup projects extensively, yet Circle has allowed these funds to flow freely.

1/ My recent investigation uncovered more than $16.58M in payments since January 1, 2025 or $2.76M per month has been sent to North Korean IT workers hired as developers at various projects & companies.

To put this in perspective payments range from $3K-8K per month meaning… pic.twitter.com/pjHZG9wJ4r

— ZachXBT (@zachxbt) July 2, 2025

Malicious developers from North Korea are infiltrating globally, with USDC becoming the main payment tool.

Zach pointed out that since 2025, over 16.58 million USD has been paid to North Korean IT workers known by the alias "Freedom Developers" through the USDC stablecoin, with a monthly inflow of about 2.76 million USD. They have infiltrated hundreds of encryption and technology startup projects using false identities and have become a new breach in cybersecurity and financial sanctions:

To give everyone a better understanding of the situation, these amounts range from approximately 3,000 USD to 8,000 USD per month, which means they have infiltrated at least 345 to 920 jobs.

Zach stated that among the six major groups he tracks, a group of 8 IT workers successfully infiltrated over 12 project teams. They used methods such as fake identities, masking IPs, and false addresses to pass interviews and enter the teams, and concentrated the proceeds from the infiltration and siphoning into two main cryptocurrency wallets.

These individuals often hold positions in multiple projects simultaneously. Although the quality of work is poor and the dismissal rate is high, they can gain control over smart contract permissions after joining the team, posing risks for potential attacks.

Tether actively participates in law enforcement cooperation, while Circle stands by and watches?

Zach identified the developer known by the alias Sandy Nguyen, who was photographed holding a North Korean flag at an event in Russia, indirectly confirming their identity, and pointed out the common characteristics of these criminals:

They recommended each other to join the same team, claimed to reside in the United States but were found to be using Russian IPs, refused to meet with the team, frequently changed their GitHub names and deleted their LinkedIn accounts, and many people's payment addresses were duplicates, among other things.

(ZachXBT exposes North Korean hacker crime network, disguising as a developer infiltration team to embezzle funds: monthly income of 500,000 USD)

It is worth noting that there were three USDC transactions that were directly sent to their receiving addresses; however, these addresses had been blocked by Tether as early as 2023 and were listed on the blacklist of North Korean teams, while Circle did not take action to stop this.

Coinbase and MEXC exchanges have become new hotbeds for money laundering.

Additionally, Zach also revealed that although the outside world generally believes that the identity verification (KYC) and anti-money laundering (AML) mechanisms of US exchanges or brokers like Coinbase and Robinhood are stricter, there are an increasing number of North Korean criminals exchanging stablecoins and fiat currencies through these platforms.

At the same time, non-US exchanges like MEXC are also the preferred platforms for these individuals to launder illegal funds. In the past, Binance, which was heavily used, is now rarely utilized due to strengthened regulations and active cooperation with law enforcement.

He also pointed out a common misconception: "Many people believe that only encryption projects have this problem, but in fact, the traditional tech industry is just as severe, if not worse."

Outsourcing human resources becomes a cybersecurity concern: "These founders brought this upon themselves"

Zach's final warning: once one or two North Korean IT workers appear in the team, it can almost be concluded that the project is doomed to fail, after all, many startup teams themselves lack management capabilities.

Most of these developers have mediocre technical abilities, so this is mainly the result of the team's own negligence.

He emphasized that the reason North Korean malicious developers are so rampant is mainly due to the team either opening backdoors for the sake of cheapness or insufficient manpower, or the excessively high valuation leading to incompetent founders receiving too much funding.

(Is the real danger greater than hackers the insiders? North Korean hackers strike again, targeting the Web3 "slack culture" )

Compliance First: How much responsibility does Circle still have?

This investigation not only reveals North Korea's ongoing expansion of its funding flow network, but it undoubtedly deals a heavy blow to Circle's "Compliance-first" market image. Zack criticized the company for claiming to be the "most compliant" stablecoin, yet in reality, it lacks proper monitoring, reporting, and freezing mechanisms.

When stablecoins become a financial tool for nuclear-armed authoritarian regimes, and the issuers choose to turn a blind eye, not only the cryptocurrency industry but also global tech startups may face penetration risks and a crisis of trust.

This article Circle is not as compliant as imagined: Zach reveals that tens of millions of dollars in USDC become a money laundering tool for North Korean criminals, first appearing in Chain News ABMedia.