Metamask Owner Uncovers North Korean Developer Hidden In Its Team
- A North Korean developer spent about a month inside MetaMask, a leading crypto wallet used by more than 30 million people each month.
- Its maker, Consensys, did not know who he really was.
- Then Consensys caught him, cut his access, and found nothing had been taken.
- Consensys hired him as a consultant, not a full employee.
What Happened
That access worries investigators. Intelligence firm TRM Labs says developer setups are now the fastest route to a crypto firm’s keys. Attackers use them to reach the systems that approve withdrawals.
“We discovered the threat… and launched a comprehensive investigation that confirmed there was no misappropriation of assets or data, no malicious code deployed, and no impact to user safety and security,” Matt Corva, Consensys general counsel said in a statement to Drop Site News.
The stakes are huge. Last year, North Korean hackers stole $1.5 billion from the Bybit exchange, the FBI said. TRM Labs says the country took more than half of the $2.7 billion lost to crypto hacks in 2025.
Market Context
A North Korean developer spent about a month inside MetaMask, a leading crypto wallet used by more than 30 million people each month. Its maker, Consensys, did not know who he really was.
He used a fake name, Tyler Knapp. He helped write core wallet code. Some of it moved money between crypto and cash. Then Consensys caught him, cut his access, and found nothing had been taken.
Why It Matters
How the North Korean developer got in
He came in through a contractor. Consensys hired him as a consultant, not a full employee. On GitHub, he used the handle imyugioh. His code changes ran from March 9 until April, when the company cut him off.
Details
In April, general counsel Matt Corva told staff to halt all product releases and avoid the man. The firm alerted law enforcement and is reviewing its contractor vetting process.
Follow us on X to get the latest news as it happens
Why North Korea Keeps Trying
This was not a one-off. North Korean workers pose as engineers to win remote jobs, then steal secrets or plant a way back in. One Ethereum-funded project recently found 100 suspected North Korean IT workers across 53 crypto projects.
The trick usually starts with a fake job offer or a phony recruiter. US courts have jailed Americans for helping these workers look local.
Some crypto firms are fighting back. They now share threat intelligence to catch them early.
Consensys caught this one in time. The test is whether the next firm spots its fake hire before the code ships.
The post MetaMask Owner Uncovers North Korean Developer Hidden in Its Team appeared first on BeInCrypto.