Ethereum Foundation Initiative Exposes 100 North Korean IT Workers in Web3 Ecosystem

A Major Security Win for Ethereum

In a big step for crypto safety, the has uncovered 100 North Korean IT workers hiding inside Web3 companies. These workers used fake names to blend in. The Ethereum Foundation paid for a six-month project that found them. This news came out as part of their ETH Rangers program update. Launched in late 2024, this program gives money to people who do security work for the public good in the Ethereum world.

The Ethereum Foundation called this work key to fixing “one of the most pressing operational security threats facing the Ethereum ecosystem today.” North Korean groups have stolen billions in crypto. Finding these workers stops attacks before they start.

What is the ETH Rangers Program?

ETH Rangers is a fresh effort by the Ethereum Foundation. It funds solo experts or small teams to hunt for risks in the ecosystem. The goal is to make Ethereum safer for everyone. The program started late last year. It offers stipends for real security research.

One funded project, called the Ketman Project, led to this big find. Over six months, the team dug deep into patterns of sneaky behavior. They shared their results openly to help the whole industry.

How Did They Spot the 100 DPRK Workers?

The team did not share every secret trick. But their website lists clear red flags they tracked. These are simple signs that someone is not who they say:

• Reused avatars and profiles: Same photos and details on many GitHub accounts.
• Leaked emails: Real email addresses popped up by mistake during screen shares.
• Wrong device settings: Computers set to Russian language, but the person claimed to be from somewhere else.
• Odd behavior patterns: Accounts that pop up fast, work in bursts, then go quiet.

These clues built a strong way to spot fakes. The were active in Web3 orgs, from dev teams to open-source projects.

New Tools to Fight Back

The Ketman Project did more than just find people. They made an open-source tool. It scans GitHub for suspicious activity. Anyone can use it to check profiles.

They also teamed up with the Security Alliance, a nonprofit for blockchain safety. Together, they wrote a standard guide on how to ID these threats. This framework helps companies check hires and contributors better.

The Bigger Threat: DPRK in Crypto

North Korea’s hackers are a top danger in crypto. Groups like Lazarus have taken over $3 billion since 2017. They hit exchanges, bridges, and DeFi apps hard.

But the real sneaky part is infiltration. DPRK workers get jobs or contribute to code. This lets them learn secrets, plant backdoors, or steal data. The is open by design. That makes it easy for bad actors to join in.

Examples include:

• Ronin Network hack: $625 million stolen after insiders helped.
• Other cases where fake devs weakened security.

This Ethereum project hits the root. By exposing , it warns everyone to watch closer.

Why This Matters for Web3 Security

Web3 is built on trustless systems. But people still run the show. A fake dev can cause huge damage. This find shows how deep the problem goes. 100 workers mean many orgs were at risk.

Lessons for teams:

1. Check GitHub histories deeply.
2. Use video calls with screen shares carefully.
3. Match claimed locations with tech setups.
4. Run background checks on all contributors.

The open tools from this project make it easier. Ethereum leads by funding this. Other chains should follow.

What’s Next for Ethereum Safety?

ETH Rangers will keep funding more work. Expect better tools and guides soon. The community must stay alert. Share red flags. Use the new detection software.

This is a win, but the fight goes on. DPRK groups adapt fast. Web3 needs strong defenses to grow safe.

FAQ: North Korean Threats in Web3

Q: How many DPRK workers were found?
A: Exactly 100, linked to Web3 orgs.

Q: What is the Ketman Project?
A: A funded team that tracked patterns and built tools.

Q: Can I use their detection tool?
A: Yes, it’s open-source on GitHub.

Q: Why target GitHub?
A: Many Web3 jobs start there with code contributions.

Join the talk on crypto security. Stay safe in Web3!

Discuss this news on our Telegram Community. Subscribe to us on Google news and do follow us on Twitter @Blockmanity

Did you like the news you just read? Please leave a feedback to help us serve you better

Disclaimer: Blockmanity is a news portal and does not provide any financial advice. Blockmanity's role is to inform the cryptocurrency and blockchain community about what's going on in this space. Please do your own due diligence before making any investment. Blockmanity won't be responsible for any loss of funds.