Ketman Project Identifies 100 North Korean IT Workers Working in Web3 | Crypto Security News
Crypto security news: Ketman Project Identifies 100 North Korean IT Workers Working in Web3. This update explains what happened, why it matters for wallets, exchanges, traders, and users, and what the market should watch next.
Crypto Security Update
The Ketman Project, funded by an Ethereum Foundation stipend, identified 100 North Korean IT workers and alerted about 53 projects employing DPRK operatives.The Ethereum Foundation said it funded a six-month project that exposed 100 North Korean operatives who had infiltrated Web3 companies under fake identities.The foundation on Thursday shared a recap of its ETH Rangers program, which was launched in late 2024 to provide “stipends for individuals doing public goods security work” within the ecosystem.One of the recipients used the capital to build the Ketman Project to focus on investigating “fake developers” embedded within crypto, particularly operatives from North Korea.During the six-month stipend period, the Ketman Project identified “100 different DPRK IT workers operating within Web3 organizations” and reached out to about 53 projects to alert them about having potentially employed active DPRK operatives.”This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today,” the Ethereum Foundation said.North Korean operatives have been plaguing the crypto sector, leading to billions worth of crypto stolen over the years. One of the highest-profile hacking groups from North Korea is known as the Lazarus Group.Ketman Project website articles on DPRK operatives. Source: Ketman ProjectThe Ethereum Foundation did not go into detail about how the Ketman Project was able to identify the DPRK operatives. However, the project’s website has an extensive range of articles explaining the types of “tactics, behaviors and operational patterns” the operatives deploy.Related: CIA to integrate AI ‘co-workers’ to process intelligence, catch spiesThey include technical red flags such as reusing avatars and profile metadata across multiple GitHub accounts, exposing unlinked email addresses during accidental screen sharing, and displaying default language settings, such as Russian, that contradict their claimed nationality.Alongside identifying North Korean operatives, the Ketman Project also developed an open-source detection tool to identify suspicious GitHub activity and co-authored an industry-standard framework for identifying DPRK IT workers in partnership with blockchain-focused nonprofit organization the Security Alliance.Magazine: Nobody knows if quantum secure cryptography will even workCointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy
Why This Security News Matters
First, this development may affect exchange safety, wallet security, user trust, and broader market sentiment. In addition, it may influence platform security practices, fund recovery efforts, and regulatory pressure. As a result, traders and crypto users should watch the next updates closely.
What To Watch Next
Watch for official statements, post-mortem reports, wallet warnings, exchange responses, and fund recovery updates. In particular, any new details about phishing, exploits, private key exposure, or security patches could directly affect the broader crypto market.
