The Ethereum Foundation said it funded a six-month project that exposed 100 North Korean agents who had infiltrated Web3 companies under false identities.
The foundation on Thursday shared a recap of its ETH Rangers program, which launched in late 2024 to provide “stipends to individuals performing public asset security work” within the ecosystem.
One of the beneficiaries used the capital to build Project Ketman to focus on investigating “fake developers” embedded in crypto, particularly agents of the People’s Republic of Korea.
During the six-month allocation period, Project Ketman identified “100 different DPRK IT professionals working within Web3 organizations” and contacted approximately 53 projects to alert them to the potential employment of active DPRK agents.
“This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today,” the Ethereum Foundation said.
North Korean agents have cracked down on the crypto industry, leading to the theft of billions of cryptocurrencies over the years. One of North Korea’s most high-profile hacker groups is known as the Lazarus Group.
The Ethereum Foundation did not explain in detail how the Ketman Project was able to identify the DPRK agents. However, the project’s website offers a wide range of articles explaining the types of “tactics, behaviors and operational models” of deployed agents.
Related: CIA to integrate AI “colleagues” to process intelligence and catch spies
They include technical red flags such as reusing avatars and profile metadata across multiple GitHub accounts, exposing unrelated email addresses during accidental screen sharing, and displaying default language settings, such as Russian, that contradict their claimed nationality.
In addition to identifying North Korean agents, the Ketman Project also developed an open-source detection tool to identify suspicious activity on GitHub and co-authored an industry-standard framework for identifying DPRK IT workers in partnership with blockchain-focused nonprofit the Security Alliance.
Review: No one knows if quantum secure cryptography will even work
