‘Kim Jong-Un’ gets approved for crypto account ‘Kim Jong-Un’ gets approved for crypto account

‘Kim Jong-Un’ gets approved for crypto account's account verification has come under scrutiny after ZachXBT tested its KYC process.

‘Kim Jong-Un’ gets approved for crypto account

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

An account application under the name Kim Jong-Un cleared’s Know Your Customer (KYC) checks and was approved within minutes. KYC process draws scrutiny

On-chain sleuth, ZachXBT, sought to test the hypothesis that crypto exchange accounts provide a degree of security when tracking down stolen funds.

When stolen funds go to a crypto exchange people like to assume that there is a real person with a real identity tied to an account

To debunk this, he applied for a account with the name Kim Jong-Un and an email address  “notlazarus.” ZachXBT screenshotted the application approval showing he had passed KYC and was cleared to trade cryptocurrencies on the exchange.

Furthermore, the company’s “KYC-1” basic verification tier enabled the account holder to withdraw up to 100,000 USDT daily.

It’s unclear whether ZachXBT had altered ID documentation to get to this point. Nonetheless, the outcome highlighted flaws in’s application process – particularly with regard to name checks.

To hammer home the point, ZachXBT repeated this process using made-up names and names listed on the Office of Foreign Assets Control (OFAC) sanctions list with email addresses such as “harmonyhacker” and “lazaruslover” – all of which were approved – thus contradicting the idea that bad actors shy away from using exchanges.

The Lazarus Group refers to a collective of hackers and scammers, reportedly under the direction of the North Korean government.

The group employs many strategies, including malware, as used in the 2017 WannaCry ransomware attack. And social engineering, such as baiting a senior Axie Infinity engineer to open a “job offer” file, subsequently infecting the engineer’s computer and leading to several Axie nodes being seized.

Know Your Customer

To meet Financial Action Task Force (FATF) compliance, crypto exchanges have been incorporating mandatory KYC requirements – with ByBit becoming the latest to fall in line. The company announced that all users will need to upload ID starting from May 8.

KYC critics argue that the practice limits crypto participation. Moreover, bad actors have the means and know-how to easily bypass checks – making KYC pointless in terms of achieving its goal of stopping money laundering.

Also, as demonstrated in the Ledger data breach in July 2020, storing customer information provides hackers with an additional avenue of attack. Ledger customers were threatened and doxxed after their contact information was made public.

CryptoSlate reached out to for comment on ZachXBT’s findings. No comment was received at the time of press.

Mentioned in this article
Posted In: Exchanges, Featured, KYC