Ethereum Foundation Probe Uncovers 100 North Korean Operatives Inside Crypto Firms

A security investigation backed by the Ethereum Foundation has identified 100 individuals with ties to North Korea secretly embedded inside cryptocurrency companies worldwide, raising urgent questions about how easily state-sponsored operatives can penetrate the digital finance industry.

The probe, conducted over six months through a program called the Ketman Project, traced covert contributors across dozens of blockchain organizations and alerted 53 projects believed to have unknowingly hired the operatives, according to a review of publicly available research documents. The Ethereum Foundation funded the initiative through its ETH Rangers program, launched in late 2024 to support independent security experts defending the network's infrastructure.

Researchers linked many of the identified developers to the Lazarus Group, a North Korean state-backed cybercrime organization. Since 2017, attacks attributed to DPRK-connected agents have drained an estimated $7 billion from cryptocurrency platforms globally. High-profile breaches attributed to the group include the Ronin Bridge hack and the WazirX exchange compromise.

The infiltration's effectiveness stemmed from its simplicity. Operatives submitted standard job applications, cultivated professional online profiles, and cleared video interviews — the ordinary machinery of remote hiring. Red flags only emerged on close inspection: recycled profile photos, mismatched language settings across accounts, and stray email addresses that surfaced during code reviews or collaborative sessions.

To combat the threat, the Ketman Project partnered with the Security Alliance, a web3-focused cybersecurity coalition, to publish detection guidelines and release an open-source tool capable of flagging suspicious contributor patterns across GitHub repositories and project codebases.

For Treasure Coast residents, the stakes are closer than they may appear. Florida ranks among the top states for cryptocurrency adoption, and local investors and developers in Martin, St. Lucie, and Indian River counties who participate in decentralized finance platforms — or hold assets on compromised networks — face direct exposure to the systemic vulnerabilities the investigation describes. The Ketman Project's open-source detection tool is publicly available; organizations are urged to review contributor histories for the patterns researchers identified.

This article was generated with AI assistance using publicly available information. It was reviewed and approved by a human editor before publication. TC Sentinel uses AI writing tools in accordance with FTC guidelines.