Ethereum Foundation-funded program exposes 100 DPRK workers in crypto

By Cointelegraph by Brian Quarmby · Published April 17, 2026 · 2 min read · Source: CoinTelegraph

Written by Brian Quarmby,Staff Writer

Reviewed by Felix Ng,Staff Editor

Ethereum Foundation-funded program exposes 100 DPRK workers in crypto

40 minutes ago

The Ketman Project, funded by an Ethereum Foundation stipend, identified 100 North Korean IT workers and alerted about 53 projects employing DPRK operatives.

Ethereum Foundation-funded program exposes 100 DPRK workers in crypto — News

Cointelegraph in your social feed

Subscribe on Subscribe on

The Ethereum Foundation said it funded a six-month project that exposed 100 North Korean operatives who had infiltrated Web3 companies under fake identities.

The foundation on Thursday shared a recap of its ETH Rangers program, which was launched in late 2024 to provide "stipends for individuals doing public goods security work" within the ecosystem.

One of the recipients used the capital to build the Ketman Project to focus on investigating “fake developers” embedded within crypto, particularly operatives from the People's Republic of Korea.

During the six-month stipend period, the Ketman Project identified "100 different DPRK IT workers operating within Web3 organizations" and reached out to about 53 projects to alert them about having potentially employed active DPRK operatives.

"This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today," the Ethereum Foundation said.

North Korean operatives have been plaguing the crypto sector, leading to billions worth of crypto stolen over the years. One of the highest-profile hacking groups from North Korea is known as the Lazarus Group.

*Ketman Project website articles on DPRK operatives. Source:* *Ketman Project*

The Ethereum Foundation did not go into detail about how the Ketman Project was able to identify the DPRK operatives. However, the project's website has an extensive range of articles explaining the types of "tactics, behaviors and operational patterns" the operatives deploy.

They include technical red flags such as reusing avatars and profile metadata across multiple GitHub accounts, exposing unlinked email addresses during accidental screen sharing, and displaying default language settings, such as Russian, that contradict their claimed nationality.

Alongside identifying North Korean operatives, the Ketman Project also developed an open-source detection tool to identify suspicious GitHub activity and co-authored an industry-standard framework for identifying DPRK IT workers in partnership with blockchain-focused nonprofit organization the Security Alliance.

Magazine: Nobody knows if quantum secure cryptography will even work

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy

This article was originally published on CoinTelegraph and is republished here under RSS syndication for informational purposes. All rights and intellectual property remain with the original author. If you are the author and wish to have this article removed, please contact us at [email protected].