Unmasking North Korean IT Operatives in Crypto Sector
A recent initiative financed by the Ethereum Foundation has shed light on around 100 suspected North Korean IT professionals engaged in 53 cryptocurrency projects.
This effort, known as the Ketman Project, has been active for six months and was made possible through the Ethereum Foundation’s ETH Rangers Program. Its main objective was to uncover and eliminate DPRK agents who had infiltrated Web3 organizations using false identities.
As part of the investigation, it was revealed that actors linked to North Korea masqueraded as Japanese software developers on the freelance platform OnlyDust. They utilized AI-generated images for their profiles and adopted fictitious names such as ‘Hiroto Iwaki’ and ‘Motoki Masuo.’ During the verification process, these operatives presented forged Japanese identification documents.
Investigators confirmed their suspicions during a video call when one individual abruptly exited after being asked to introduce himself in Japanese. This incident highlighted the lengths to which these operatives were willing to go to maintain their cover.
Through meticulous tracking, the team identified multiple clusters of these actors across various repositories. In total, they noted 62 pull requests that had been integrated before the operatives’ identities were uncovered.
In addition to individual cases, Ketman created a tool called gh-fake-analyzer designed to help detect fraudulent online identities. Furthermore, they collaborated with Security Alliance (SEAL) to produce the DPRK IT Workers Framework, which has been recognized as a key resource in the industry.
The ETH Rangers Program, initiated in late 2024 alongside partners such as Secureum and The Red Guild, has supported 17 recipients with financial stipends. The collective achievements of this program include recovering over $5.8 million in assets, identifying 785 security vulnerabilities, and managing 36 incidents involving breaches.
North Korean operatives have been implicated in the theft of billions worth of cryptocurrency in recent years. Security analysts warn that the infiltration of IT workers is frequently a precursor to more extensive supply chain attacks orchestrated by DPRK hacking groups.
