100 DPRK Operatives In Crypto Firms Exposed By Ethereum Probe

The Ethereum-backed probe turned up about 100 DPRK operatives tucked into crypto firms after a six-month slog with the ETH Rangers on patrol.

Researchers allied with an Ethereum-backed security program have flagged roughly 100 people inside crypto firms as DPRK-linked operatives, because the plot twists in reality are far more dramatic than any streamer’s trailer.

The Ketman Project, funded by ETH Rangers, spent six months tailing IT workers who wore disguises as ordinary hires. They used fake identities and polished resumes to slide through HR like a hovercraft on a waterless pond, apparently.

That made them harder to detect during hiring, like magicians in HR who refuse to reveal their tricks.

The findings have raised fresh concerns about insider access in Web3: insiders, not just external hackers, are now the plot twist nobody asked for.

ETH-Backed Probe Finds Wide Infiltration Across Web3

The Ketman Project says it spent six months shadowing suspected DPRK-linked IT workers, because apparently the coffee shop conversations were leads.

During that period, researchers identified roughly 100 people skulking around Web3 firms: no cape required, just a well-kept LinkedIn profile and an email domain that screams “trust me.”

They allegedly used fake names and altered work histories, which is basically every job interview in tech, but with higher stakes and fewer donuts in the break room.

That made them harder to detect during hiring, like a magician among HR posters who refuses to reveal the trick.

What a surprise: the operation wasn’t a one-off glitch but a properly organized, long-term gig. These operatives weren’t tied to a single firm; they waltzed through multiple companies like a bad influencer at a crypto conference.

They appeared across various crypto companies and teams, giving the findings a bigger stink: the investigative equivalent of crumbs leading to the bakery, except the bakery is a criminal conspiracy.

Ethereum Foundation-Backed Program Exposes 100 North Korea Operatives Infiltrating Crypto Firms

The Ketman Project, operating under the Ethereum Foundation’s ETH Rangers security program, has in the latest Ethereum news, identified approximately 100 North Korea Crypto IT operatives…

– MartyParty (@martypartymusic)

The research was backed by ETH Rangers, the security program tied to the Ethereum Foundation.

The broader program funded 17 independent researchers. It also traced more than 785 vulnerabilities across the sector. In addition, it handled 36 incident responses.

ETH Rangers also said it helped recover or freeze $5.8 million in exploited funds. Those figures placed the latest probe within a larger security effort.

Because of that, the findings drew attention beyond one investigation. They also added pressure on firms to review internal risks.

Hiring Channels Become A New Risk Area for Crypto Firms

In earlier years, North Korea-linked crypto activity often focused on outside attacks. Exchange hacks and technical exploits were common methods.

Now, the pattern appears to be changing. More actors are seeking jobs inside firms.

Once hired, workers can gain access to internal tools and shared systems. They may also reach code repositories and product workflows.

As a result, they can stay inside a company for months. That can make detection slower and more difficult.

This shift creates a different problem for security teams. Firewalls and wallet controls may block outside attacks, but not insider misuse.

Because of that, hiring checks now matter more. Access controls also become more important after onboarding.

One public example involved crypto exchange Stabble. The company issued a withdrawal alert after a DPRK IT worker entered its leadership team.

That case showed that the risk may reach senior roles. It also showed how trust inside a firm can be misused.

Larger Theft Figures Add Pressure Across The Sector

The big number: DPRK-linked crypto crime is not a fringe hobby. About $2.02 billion was stolen in 2025 alone.

That’s a 51% jump from 2024, pushing the running total to about $6.75 billion.

Another red flag in 2026: DPRK-linked attackers allegedly pulled off a $285 million exploit on Drift Protocol on April 1, a practical joke perhaps, but not funny for victims.

The stolen funds are still being tracked, and the Drift attack was billed as the largest DeFi hack of the year.

Because of these cases, crypto firms are facing the question: are we hiring competent adults? That means more scrutiny of hiring standards, IDs, and remote work reviews, as if every onboarding is a background check rave.

Firms may also clamp down on wallet and code access, while regulators sharpen their pencils and watch employment practices like hawks with Excel open.


2026-04-19 08:26