The Ketman Project, a security initiative with reported backing from the Ethereum Foundation, has identified 100 North Korean IT workers who have infiltrated numerous Web3 and crypto companies, and has issued warnings to 53 potentially compromised projects.
The threat extends beyond revenue generation. "When tasked, they can operationalize their placement and access to support strategic intelligence requirements, including intellectual property theft, network disruption or extortion," Michael Barnhart, a nation-state investigator at DTEX, told CyberScoop.
This discovery is the latest development in a long-running scheme by the Democratic People’s Republic of Korea (DPRK) to fund its regime. U.S. authorities recently sentenced two New Jersey men, Kejia Wang and Zhenxing Wang, to prison for helping facilitate the scheme, which involved creating shell companies and "laptop farms" to help operatives gain employment at over 100 U.S. companies, generating more than $5 million for North Korea.
The presence of these state-sponsored operatives creates a significant security risk for the entire crypto ecosystem, threatening not just company assets but also user funds and sensitive intellectual property. The news raises concerns about the vetting processes at crypto firms and could trigger widespread security audits as exchanges and DeFi protocols race to identify potential insider threats.
The North Korean IT worker scheme is a highly organized and evolving operation. Facilitators in the U.S. and elsewhere help operatives, who use stolen identities of American citizens, to appear as legitimate remote workers. According to the Department of Justice, this allows them to get hired by unsuspecting companies, including many Fortune 500 firms and, as the Ketman Project reveals, numerous crypto platforms.
While the primary goal is often to funnel salaries back to Pyongyang, the access gained is dual-use. In one case cited by officials, operatives stole sensitive, export-controlled files from a U.S. defense contractor. For crypto firms, this could mean the theft of private keys, source code, or user data, leading to catastrophic financial losses.
Industry on High Alert
The report from the Ketman Project serves as a stark warning to the Web3 industry, which has long been a primary target for North Korean hacking groups like Lazarus. The U.S. government has been actively cracking down on the network, sanctioning individuals and entities and seizing cryptocurrency linked to the schemes. The sentencing of U.S.-based facilitators shows that law enforcement is targeting all levels of the operation. For crypto companies, the challenge is now to bolster internal security and hiring protocols to detect these fraudulent workers who may already be inside their networks.