In a significant development, the Ethereum Foundation has revealed details of a funded initiative that successfully identified around 100 individuals linked to North Korea who had quietly embedded themselves inside Web3 organizations using fabricated identities.
The disclosure came through a recap of the foundation’s ETH Rangers program, a initiative launched in 2024 designed to provide financial stipends to individuals carrying out public goods security work across the ecosystem.
One of those stipend recipients used the funding to build and operate what became known as the Ketman Project, a focused investigation into fake developers operating inside crypto organizations, with particular attention on operatives believed to be connected to North Korea.
Over the six-month stipend period, the Ketman Project traced roughly 100 North Korean IT workers who had taken up positions within Web3 organizations while concealing their true identities. As per the investigation, researchers connected with around 53 projects to warn them that they may have unknowingly hired active operatives from the Democratic People’s Republic of Korea(DPRK). The foundation noted that the findings highlight the urgent need for stronger, coordinated security efforts across decentralized systems.
The threat posed by embedded operatives is considered especially serious given the level of access they can accumulate over time.
North Korean hacking outfits, most notably the Lazarus Group, have been responsible for a sustained campaign of theft across the crypto industry over several years. Blockchain analytics firm Chainalysis previously reported that hackers with ties to North Korea stole an estimated $2.02 billion worth of cryptocurrency in 2024 alone.
