A researcher, funded by a six-month grant, created both a freely available detection tool and a widely-used identification system.
A report from the Ethereum Foundation details the results of the ETH Rangers program, launched in late 2024. This initiative provides funding for security improvements that help the entire cryptocurrency community.
One Researcher, One Stipend, 100 Operatives
One of the groups receiving funding used the money to create the Ketman Project, which researches fake identities used by people working at cryptocurrency companies.
As part of my research over the past six months, I identified 100 IT workers originating from North Korea who are currently working within various Web3 organizations. I then reached out to approximately 53 projects, alerting them to the possibility that they may have unknowingly employed individuals with ties to the Democratic People’s Republic of Korea.
The Ethereum Foundation says this is currently one of the biggest security risks to the Ethereum network.
A project supported by the Ethereum Foundation discovered 100 IT workers from North Korea who were secretly working at Web3 companies under fake identities.
— CryptOpus (@ImCryptOpus) April 17, 2026
The Ketman Project’s website details the methods these individuals employ—specifically, the behaviors, technical skills, and deceptive techniques they use to appear like real software developers.
Surprisingly, some of the warning signs were quite simple. For example, people were discovered using the same profile pictures and information on multiple GitHub accounts.
I was pretty shocked to learn that during some screen shares, email addresses that weren’t connected to accounts were briefly visible. Even more concerning, the language settings on some people’s devices – specifically, being set to Russian – hinted that their claimed nationalities weren’t accurate. It definitely raised some red flags for me as an investor.
How Operatives Were Caught
The Ketman Project went beyond simply finding people involved. It also created tools and systems to help with the process. One such tool, available for anyone to use and improve, automatically highlighted strange activity on GitHub linked to potentially harmful accounts.
We worked with the Security Alliance, a nonprofit specializing in blockchain security, to create a new system for spotting workers connected to North Korea. This system, along with related information, is now publicly available for other groups to utilize.
According to reports, the Ethereum Foundation hasn’t revealed exactly how they identified those involved, beyond what’s already been published by the Ketman Project itself. However, the Ketman Project’s website does explain in detail the behaviors that led to those individuals being discovered.
A Threat Measured In Billions
North Korea has been involved with cryptocurrency for some time. Hacking groups believed to be connected to the government, such as the Lazarus Group, have been responsible for some of the biggest crypto thefts ever recorded.
Over the years, North Korean hackers are believed to have stolen billions of dollars worth of digital currencies and other online assets.
The ETH Rangers program fills important security needs by funding people to work on projects that benefit the public.
The Ketman Project is among the first to share its results publicly. It’s currently unknown if other projects funded by the same grant have achieved comparable outcomes.
Read More
- ETH PREDICTION. ETH cryptocurrency
- Gold Rate Forecast
- Warning: Binance-Listed Siren Token Rallies 30X—Here’s Why You Should Stay Away
- Altcoins About to Explode? You Won’t Believe What’s Next for These 4 in May 2025 🚀
- Trump’s Pick for Fed Chair: Kevin Warsh’s Billion-Dollar Crypto & AI Empire
- Brent Oil Forecast
- Ethereum’s Transaction Surge: Price Dives, But Who Cares? The Blockchain Party Continues!
- USD INR PREDICTION
- Bitcoin’s Rally: The Unlikely Hero of the Financial World! 🚀💰
- UK’s iCloud Backdoor Drama: Crypto Wallets in Peril 🚨
2026-04-17 22:58