100 North Korean Fake Developers Exposed: How Ethereum Foundation’s Project is Securing the Crypto Industry
Daniel Kim
The Ethereum Foundation disclosed it funded a project that identified 100 DPRK-linked operatives who had infiltrated Web3 companies by posing as employees. The finding highlights how DPRK IT operatives using fabricated identities are emerging as a broad security threat across the crypto sector.
On the 13th, the Ethereum Foundation said it awarded grants for public-good security work through the ETH Rangers program, launched at the end of 2024. One grantee used that support to build the Ketman Project, a six-month effort focused on tracking fraudulent developers in the crypto industry that identified 100 DPRK-linked IT personnel.
Warned 53 projects — zeroed in on an operational security threat
The Ketman Project corroborated indicators and contacted about 53 projects to warn them that they may have hired DPRK-linked personnel. The Ethereum Foundation said the effort tackles one of the most urgent operational security threats facing the Ethereum ecosystem today.
The threat from DPRK-affiliated hacking groups has long been a major industry concern. Notably, the Lazarus Group and other DPRK-linked actors have been tied to crypto heists worth tens of billions of dollars over recent years.
GitHub footprints and language settings gave investigators clues
The Ethereum Foundation did not disclose all identification methods, but the Ketman Project cataloged signs such as repeated avatars and profile details on GitHub accounts, unlinked email addresses exposed during screen sharing, and default Russian-language settings inconsistent with claimed nationalities. The work underscores that even developers who appear legitimate leave digital traces.
The project went beyond identification: it produced an open-source tool to detect suspicious GitHub activity and co-developed an industry-grade identification framework with Security Alliance, a blockchain-focused nonprofit.
This case demonstrates that security in the crypto industry extends beyond technical hardening to include personnel vetting and identity verification. As DPRK-linked intrusion attempts persist, the Ethereum ecosystem and other Web3 firms will need to sharpen and mature their security posture.
TP AI Notice: This article summary was produced using a TokenPost.ai language model. Key details may be omitted or inaccurate; consult original sources for verification.










