Ethereum Foundation-Backed Program Exposes 100 North Korea Operatives Infiltrating Crypto Firms

The Ketman Project, operating under the Ethereum Foundation’s ETH Rangers security program, has identified approximately 100 North Korean crypto IT operatives embedded inside Web3 companies under fabricated identities. The finding is the result of a six-month investigation that ended with one of the most detailed public tallies of DPRK insider infiltration in the sector’s history.

The threat model has shifted. Where North Korea’s state-level crypto operations once centered on remote exploits and exchange hacks, the 2025 pattern is coordinated workforce infiltration: operatives pass HR screenings, access internal repositories, and sit inside product teams for months before detection.

• Investigation duration: Six months, conducted by the Ketman Project with ETH Rangers support
• DPRK theft scale: $2.02 billion stolen in 2025 alone – a 51% increase from 2024 – pushing cumulative haul to $6.75 billion
• Drift Protocol hack: DPRK-linked attackers executed a $285 million exploit on April 1, 2026, the largest DeFi hack of the year
• Real-world case: Exchange Stabble issued a withdrawal alert after a DPRK IT worker infiltrated its leadership team
• Watch: Investigators are actively tracking Drift exploit proceeds; regulatory scrutiny on DeFi employment vetting expected to intensify

Ethereum News: How the ETH Rangers Crypto Investigation Actually Worked – and What 100 North Korea Operatives Really Means

ETH Rangers launched in late 2024 through a partnership between the Ethereum Foundation, Secureum, The Red Guild, and the Security Alliance (SEAL), deploying 17 independent security researchers across a six-month mandate to strengthen the Ethereum ecosystem's defenses.

The Ketman Project was one of those funded efforts, and its output went well beyond the typical audit or bug bounty scope.

Identifying 100 operatives means matching fabricated identities to known DPRK tradecraft patterns: inconsistent work histories, communication behaviors suggesting time-zone masking, payment routing through specific intermediaries, and technical fingerprints that recur across unrelated applicants. That’s intelligence work, not just security research.

It requires sustained monitoring across job boards, GitHub activity, hiring pipelines, and behavioral signals inside existing teams.
