Ethereum Foundation-Backed Program Exposes 100 Nort Korea Operatives Infiltrating Crypto Firms
The Ketman Project, operating under the Ethereum Foundation’s ETH Rangers security program, has in the latest Ethereum news, identified approximately 100 North Korea Crypto IT operatives embedded inside Web3 companies using fabricated identities, the result of a six-month investigation that ended with one of the most detailed public tallies of DPRK insider infiltration in the sector’s history.
The threat model has shifted. Where North Korea’s state-level crypto operations once centered on remote exploits and exchange hacks, the 2025 pattern is coordinated workforce infiltration, operatives passing HR screenings, accessing internal repositories, and sitting inside product teams for months before detection..
Key Takeaways:
Operatives identified: ~100 DPRK IT workers found using fake identities inside Web3 firms
Investigation duration: Six months, conducted by the Ketman Project with ETH Rangers support
Program scope: ETH Rangers funded 17 independent researchers, recovered or froze $5.8M in exploited funds, traced 785+ vulnerabilities, handled 36 incident responses
DPRK theft scale: $2.02 billion stolen in 2025 alone – a 51% increase from 2024 – pushing cumulative haul to $6.75 billion
Drift Protocol hack: DPRK-linked attackers executed a $285 million exploit on April 1, 2026, the largest DeFi hack of the year
Real-world case: Exchange Stabble issued a withdrawal alert after a DPRK IT worker infiltrated its leadership team
Watch: Investigators are actively tracking Drift exploit proceeds; regulatory scrutiny on DeFi employment vetting expected to intensify
#ETH #NorthKoreaHackers #BTC $ETH
