Ethereum Foundation Uncovers 100 North Korean Operatives Infiltrating Web3 Companies

Gate News message, April 17 — The Ethereum Foundation has exposed a major security threat in the Web3 ecosystem. A six-month program called the ETH Rangers Program, supported by the foundation, identified approximately 100 North Korean operatives working inside Web3 companies using fake identities.

The investigation, known as the Ketman Project, tracked suspicious developer activity and uncovered operatives who had infiltrated real teams. The program flagged 53 projects that may have unknowingly worked with these individuals. Operatives applied for remote developer positions, built convincing profiles, passed interviews, and gained access to sensitive systems and data. The Ethereum Foundation described this as one of the most serious security risks facing the ecosystem today. The program also recovered or froze over $5.8 million in assets and identified 785 vulnerabilities across platforms, including bugs and attack vectors.

To address the threat, researchers developed a detection framework to help teams identify unusual behavior patterns. The Ethereum Foundation emphasized that decentralized systems require decentralized defense, calling for stronger hiring checks, better security tools, and increased awareness of North Korean infiltration tactics. The foundation stressed that as Web3 expands, protecting the ecosystem requires constant effort and global cooperation.