Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Inside the Trump Family’s $1.2B Crypto Windfall Who Paid the Price
    Inside the Trump Family’s $1.2B Crypto Windfall: Who Paid the Price?
  • Opinion
    OpinionShow More
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

North Korean IT Workers Infiltrating DeFi for Years, Says Researcher

Taylor Monahan warns that DPRK developers helped build major DeFi protocols, using legitimate blockchain skills that made them difficult for firms to detect.

Written By Kenrodgers Fabian Kenrodgers Fabian
Fact Checked by Divya Mistry Divya Mistry
Published 2026-04-06
Make The Crypto Times preferred on GoogleGoogle
Share
North Korean IT Workers Infiltrating DeFi for Years, Says Researcher

Key Highlights

  • North Korean developers have quietly embedded themselves in DeFi projects for years, creating hidden, long-term security risks in the ecosystem.
  • Hacks linked to the Lazarus Group continue to surge, exposing critical vulnerabilities in hiring checks and highlighting the danger of insider threats.
  • Crypto firms are facing pressure to tighten vetting and security as attacks grow despite improving overall industry defenses.

North Korean IT workers have been quietly joining decentralized finance (DeFi) projects since at least the year 2020, raising severe security concerns across the industry. MetaMask security researcher Taylor Monahan claimed more than 40 DeFi platforms have inadvertently employed these state-sponsored developers at some point. 

“Lots of DPRK IT workers built the protocols you know and love, all the way back to DeFi summer,” she said in a post on X. She shared that many of these workers had real blockchain experience, making it hard for companies to spot potential risks.

Yuppppppp

Lots of DPRK IT Workers built the protocols you know and love, all the way back to defi summer

The “7 years blockchain dev experience” on their resume is not a lie. https://t.co/EQNgl5KhJ5

— Tay 💖 (@tayvano_) April 5, 2026

The increasing threat of North Korean “developers” in DeFi comes as high-profile crypto hacks linked to the Lazarus Group are on the rise. R3ACH experts say the group has stolen roughly $7 billion in crypto since 2017. Major attacks attributed to the group include the $625 million Ronin Bridge hack in 2022, the $235 million WazirX breach in 2024, and the $1.4 billion Bybit heist in 2025. 

Rising threats in crypto hiring

The freshest case linked to DPRK operatives is the Drift Protocol exploit. In early April 2026, the Solana-based protocol reported a $280 million hack, marking the largest DeFi exploit of 2026 to date. The attack slashed the protocol’s total value locked (TVL) from $550 million to under $250 million and involved months of careful planning. 

“It was a structured intelligence operation requiring organizational backing, significant resources, and months of deliberate preparation,” the protocol said in its post-mortem. 

In light of this, Titan Exchange Founder Tim Ahhl also shared that his team once interviewed a candidate who later turned out to be a Lazarus operative, highlighting how stealthy and persistent these infiltrators can be.

The threat extends beyond smart contracts into operational security. On March 1, 2026, crypto e-commerce platform Bitrefill suffered a cyberattack that utilized methods similar to previous Lazarus attacks. Hackers used an employee’s old password to access a snapshot of sensitive production data. From there, they moved into databases and crypto wallets, showing that insider access remains a serious vulnerability.

Mitigation and industry response

Despite the increase in attacks, blockchain investigator ZachXBT says the tactics are simple. “Threats via job postings, LinkedIn, email, Zoom, or interviews are basic and in no way sophisticated … the only thing about it is they’re relentless,” he said. 

Because of this, companies need stronger background checks, identity verification, and code audits. Tools like the Beacon Network can also flag suspicious wallets and alert exchanges immediately.

The crypto industry saw illicit cryptocurrency inflows jump to $158 billion in 2025, up from $64.5 billion in 2024, according to the TRM Labs 2026 report. Still, illicit activity as a share of total on-chain volume fell slightly to 1.2%, showing that defenses are improving even as nation-state actors continue targeting crypto systems.

As DeFi continues to mature, mitigating insider risks and supply chain weaknesses is now just as critical as preventing technical smart contract hacks. Balancing the ethos of an open, permissionless ecosystem with the harsh reality of state-sponsored cyber warfare remains one of the greatest challenges facing the crypto industry today.

Also Read: Not Legal Tender: Rwanda Issues Warning Over Bybit’s FRW P2P Trading

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:North Korea
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link
Fabian is Crypto Journalist at The Crypto Times
By Kenrodgers Fabian
Follow:
Kenrodgers Fabian is a Crypto Journalist at The Crypto Times, based in Kenya. He reports on high-profile global financial fraud, investment scams, phishing schemes, and cross-chain protocol exploits. His coverage heavily tracks systemic crypto vulnerabilities, ecosystem security breaches, and central bank shifts toward stablecoins and tokenized finance infrastructure. All investigative coverage on crypto cybercrimes and security events passes through his desk before publication. His four years in fast-paced crypto media have shaped his structured approach to deciphering malicious smart contracts, verifying data-heavy fraud cases, and providing accurate reporting on digital currency risks.
Divya Mistry
By Divya Mistry
Follow:
Divya Mistry is the Senior Editor at The Crypto Times. She leads the central editorial desk, overseeing the review and publication of policy analyses, investigative reports, exchange coverage, and protocol exploit stories. Her editorial remit spans digital asset markets, global exchange operations, cross-border digital asset settlements, regulatory developments, and other key developments shaping the cryptocurrency industry. Divya brings more than a decade of experience in editorial strategy, content development, public relations, marketing communications, and research. Before joining The Crypto Times, she worked across multiple sectors, including finance, technology, education, healthcare, real estate, entertainment, lifestyle, and vertical transport, contributing to both digital and print publications. Her research and content work has been featured on platforms including DNA India, Zee, Forbes, and Elevator World India. She holds a Master's degree in English Literature from the University of Mumbai. Drawing on her background in long-form publishing, research, and editorial leadership, she reviews and refines complex stories to ensure accuracy, clarity, and strong editorial standards before publication.

Latest News

Weekly Wrap: MiCA Kicks In, Trump's Crypto Fortune Tops $1B, Bitcoin Rebounds
Weekly Wrap: MiCA Kicks In, Trump’s Crypto Fortune Tops $1B, Bitcoin Rebounds
Pak Deputy PM Ishaq Dar's Relative Arrested in Crypto Extortion Case
Pak Deputy PM Ishaq Dar’s Relative Arrested in Crypto Extortion Case
Kalshi Nears $10B Monthly Volume as Prediction Markets Grow
Kalshi Nears $10B Monthly Volume as Prediction Markets Grow
Algorand Calls for Shared Post-Quantum Crypto Security Standards
Algorand Calls for Shared Post-Quantum Crypto Security Standards
Vitalik Buterin Unveils Lean Ethereum Roadmap for Next Era
Vitalik Buterin Unveils Lean Ethereum Roadmap for Next Era 

Find Us on Socials

You may also like

Aave DAO Clears stcUSD Listing for MegaETH Lending Market

Aave DAO Clears stcUSD Listing for MegaETH Lending Market 

Gnosis Pay Restores 100% User Funds After $1.8M Crypto Exploit

Gnosis Pay Restores 100% User Funds After $1.8M Crypto Exploit

Hinkal Protocol Reveals Initial Cause Behind $820K Ethereum Exploit

Hinkal Protocol Reveals Initial Cause Behind $820K Ethereum Exploit

Hinkal Protocol Exploited 450+ ETH Laundered via Tornado Cash & THORChain

Hinkal Protocol Exploited: $820K Laundered via Tornado Cash & THORChain

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information