How One Infostealer Infection Solved a Global Supply Chain Mystery and Unmasked DPRK Spies in U.S. Crypto
ID: c30a1ae2-1f42-51d0-b7c8-e5144a819984
STIX ID: report--c30a1ae2-1f42-51d0-b7c8-e5144a819984
Feed Name: infostealers.com
**Executive summary:** Hudson Rock's forensic analysis of a LummaC2-infected Windows endpoint ties a DPRK-affiliated operator to the 2024 Polyfill.io supply-chain compromise (100,000+ sites), documents extensive credential and browsing-history exfiltration (Cloudflare/Cloud DNS admin access, Gate.us and Funnull credentials), covert access to Gate.us compliance tooling, automated cryptocurrency laundering infrastructure, and theft of air-gapped NIMS network blueprints; the report provides IOCs, telemetry-based attribution, and a defensive detection playbook.