All news is verified and thoroughly reviewed by leading blockchain experts and seasoned industry insiders.
- A security project backed by the Ethereum Foundation says it has identified about 100 suspected DPRK IT workers involved in cryptocurrency companies.
- Kitman’s team said it has contacted approximately 53 projects, and is now helping companies use honeypots at the interview stage to detect bad actors early.
The Ethereum Foundation highlights one of the less obvious security risks of cryptocurrencies: hostile actors are set up before anything needs to be hacked.
According to information shared by @FORAB, a recent Ethereum Foundation grant review highlighted Project Ketman, a project focused on identifying… North Korean agents infiltrate the cryptocurrency industry using fake developer identities. The team said that during its work, it reached nearly 53 projects and discovered about 100 active DPRK IT workers working within Web3 organizations.
The threat starts at recruitment, not at exploitation
That’s what makes this story even more disturbing than a routine hack report. The problem is not limited to stolen or compromised keys Smart contracts. It is employment.
I’m leaving He says These clients often use fake Japanese identity documents to secure remote engineering roles at cryptocurrency companies. Once inside, they can access internal tools, repositories, workflows, and security measures long before an on-chain attack can occur.
For an industry built on distributed teams and rapid hiring, that creates a different kind of vulnerability. Cryptocurrency companies tend to think of defense in terms of code audits and wallet security. Kitman’s work suggests that the first line of defense may need to be early, at the interview stage.
Honeypots carry over into the hiring process
The project is now helping cryptocurrency teams build honeypots employing workflows to identify suspicious applicants before they join. This is a noticeable shift. This means that some companies are starting to treat hiring as an operational security layer, rather than just an HR function.
The broader message is fairly clear. North Korea-related threats in the cryptocurrency space are no longer limited to external attacks. They are increasingly associated with stealth, patience and insider access.
For the Ethereum Foundation, supporting a project like Kitman also indicates a broader understanding of ecosystem security. Web3 protection is not just about correcting contracts after the fact. It’s about knowing who’s trying to get into the company before the code is shipped.
