Quick Take
  • A recent Ketman investigation detailed how DPRK-linked actors posed as Japanese developers on the Web3 freelance platform OnlyDust.
  • Investigators confirmed the deception during a video call when one suspect, asked to introduce himself in Japanese, removed his headset and left the call.
  • The team traced at least three actor clusters across 11 repositories, where 62 pull requests were merged before detection.
  • Beyond individual investigations, Ketman developed gh-fake-analyzer, an open-source GitHub profile analysis tool now available on PyPI.

What Happened

The ETH Rangers Program, launched in late 2024 alongside Secureum, The Red Guild, and SEAL, funded 17 stipend recipients in total.

North Korean operatives have stolen billions in crypto assets in recent years. Security researchers warn that IT worker infiltration often serves as a stepping stone for larger supply chain attacks coordinated by DPRK hacking teams.

Market Context

The Ethereum Foundation-funded Ketman Project has identified approximately 100 suspected North Korean IT workers operating across 53 crypto projects, according to an ETH Rangers Program recap published on April 16.

Why It Matters

The six-month initiative, backed through stipends from the Ethereum Foundation’s ETH Rangers Program, focused specifically on detecting and expelling DPRK operatives who had infiltrated Web3 organizations under fabricated identities.

How North Koreans Use Forged Identities and Fake KYC Documents

Details

The operatives used AI-generated profile photos, fabricated names such as “Hiroto Iwaki” and “Motoki Masuo,” and submitted forged Japanese identity documents during verification.

Open-Source Tools and Industry Framework

The project also co-authored the DPRK IT Workers Framework with the Security Alliance (SEAL), which has become a standard industry reference.

Consolidated outcomes included over $5.8 million in recovered funds, 785 reported vulnerabilities, and 36 incident responses handled.

The post Ethereum-Funded Project Exposes 100 North Korean IT Workers in Crypto appeared first on BeInCrypto.