Key Highlights
- An Ethereum Foundation-funded initiative flagged 100 North Korean-linked IT operatives embedded across 53 crypto projects using fake identities.
- The six-month ETH Rangers Program uncovered 785 vulnerabilities and supported 36 incident responses across Web3 projects.
- Researchers recovered $5.8M and tracked fake-ID IT workers tied to DPRK across 53 crypto projects.
The Ethereum Foundation said it has helped identify about 100 individuals linked to North Korea following a six-month coordinated security effort across the crypto industry.
The findings, released through the foundation’s ETH Rangers Program, were developed in collaboration with external blockchain security groups. Developed in collaboration with prominent blockchain security groups—including Secureum, The Red Guild, and the Security Alliance (SEAL)—the program uncovered hundreds of critical vulnerabilities and neutralized active threats embedded deep within the Web3 ecosystem.
ETH Rangers Program delivers security gains
The ETH Rangers Program brought together top-tier security groups including Secureum, The Red Guild and SEAL, while also funding independent researchers focused on improving Ethereum’s security.
Over a six-month period, participants reported more than 785 vulnerabilities and supported over 36 incident responses, according to figures shared by the initiative. The program also helped recover or freeze over $5.8 million in stolen and frozen funds and reached more than 209,000 views and users through awareness campaigns.
The foundation said the results underscore the need for coordinated security efforts across decentralized systems. One initiative, known as Ketman Project, focused on identifying North Korean-linked IT workers using fake identities.
Researchers contacted 53 projects and flagged about 100 suspected operatives, while also developing tools to detect suspicious GitHub activity and sharing intelligence across participating teams.
Rising threat from state-backed crypto hacks
Ethereum Foundation’s findings arrive amid an escalating threat from North Korea within the digital asset space. Blockchain analytics firm Chainalysis previously revealed that DPRK-linked hackers stole an estimated $2.02 billion in crypto in 2024 alone. Recent high-profile attacks, such as the $280 million Drift Protocol exploit, have further exposed the industry’s vulnerability to insider threats and compromised infrastructure.
In response, U.S. authorities have ramped up legal and punitive measures. The Department of Justice recently secured multi-year prison sentences for two individuals who helped DPRK IT workers gain illicit access to U.S. companies. However, the sheer scale of the 100 newly flagged operatives implies the danger remains pervasive.
The liability of crypto businesses is also facing intense scrutiny. Organizations like Circle Internet Financial are currently battling class-action lawsuits over their delayed responses to freezing assets stolen by North Korean hackers, pushing the industry to rethink its incident response protocols.
The success of the ETH Rangers Program sets a new standard for collaborative defense in DeFi. As threat actors grow more sophisticated, the Ethereum Foundation’s findings are expected to prompt tighter hiring guidelines, enhanced contributor verification, and deeper cooperation between protocols and security researchers.
Also Read: France Plans New Security Measures Amid Rise in Crypto Attacks
