{"id":82250,"date":"2026-04-17T18:32:13","date_gmt":"2026-04-17T18:32:13","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=82250"},"modified":"2026-04-17T18:32:13","modified_gmt":"2026-04-17T18:32:13","slug":"ethereum-targets-north-koreas-secret-workforce-are-your-favorite-defi-protocols-compromised","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=82250","title":{"rendered":"Ethereum Targets North Korea\u2019s Secret Workforce \u2014 Are Your Favorite DeFi Protocols Compromised?"},"content":{"rendered":"
\n

The Ethereum Foundation exposed 100 Democratic People\u2019s Republic of Korea (DPRK)\u2011linked IT workers embedded across roughly 53 crypto projects.<\/p>\n

Ethereum Foundation Levels Up Its Security With A Detective Program<\/h2>\n

The North Korean secret crypto-agents don\u2019t rest, so the Ethereum Foundation decided it was time they put on the detective\u2019s hat to track them before they too fell victims to them, just as Drift Protocol was at the beginning of the month<\/a>. And so, yesterday afternoon the Foundation announced on an official blog pos<\/a>t the starking results yielded by the ETH Rangers Program (and yes, everything related to North Korean hackers inevitably sounds straight out of an RPG or action movie).<\/p>\n

\n

The ETH Rangers Program has wrapped up and the results speak for themselves: $5.8M+ recovered, 785+ vulnerabilities reported, 100+ DPRK operatives identified, and so much more.<\/p>\n

A decentralized defence for a decentralized network.<\/p>\n

Read the full recap \"\ud83d\udc47\"<\/p>\n

\u2014 EF Ecosystem Support Program (@EF_ESP) April 16, 2026<\/a><\/p>\n<\/blockquote>\n

According to the blog post, the Ethereum Foundation teamed up with Secureum, The Red Guild, and Security Alliance (SEAL) in late 2024 to roll out said program. The initiative offered stipends to people carrying out public\u2011goods security work across the Ethereum ecosystem.<\/p>\n

Related Reading: Blockchain Is South Korea\u2019s New Fiscal Weapon \u2014 A Blow To Privacy?<\/a><\/p>\n

The program\u2019s mission consisted in backing independent security initiatives that strengthen Ethereum\u2019s overall robustness, while spotlighting and rewarding contributors with a proven history of delivering high\u2011impact security work for the broader network.<\/p>\n

After six months, the results of the program speak for itself.<\/p>\n

The DPRK Crypto-Infiltration Saga, Parth Who-Is-Even-Counting-At-This-Point<\/p>\n

The ETH Rangers Program funded multiple crypto-security projects, but the Ketman Project was the one \u201cfocused on discovering and expelling North Korean (DPRK) IT workers who have infiltrated blockchain projects under fake identities\u201d, per the blog post.<\/p>\n

Over the six months of the investigation, they contacted roughly 53 different projects and uncovered around 100 DPRK IT operatives embedded inside Web3 organizations.<\/p>\n

Their findings were shared in a series of detailed reports on ketman.org, which drew more than 3,300 active users and 6,200 page views, and explored themes such as account\u2011takeover techniques, the infiltration of freelance platforms, and emerging DPRK\u2011Russia ties. They also built and open\u2011sourced gh\u2011fake\u2011analyzer, a GitHub profile analysis tool designed to flag suspicious activity patterns, which is now available via PyPI.<\/p>\n

In addition, they co\u2011authored the DPRK IT Workers Framework with SEAL, a document that has quickly become a go\u2011to reference for the industry, and supplied crucial data to the Lazarus.group threat\u2011intel project, with their work highlighted in a presentation at DEF CON.<\/p>\n

Overall Results Of The Ethereum Program<\/p>\n

The work produced by the 17 stipend recipients cover everything from vulnerability research and security tooling to education, threat intelligence, and hands\u2011on incident response.<\/p>\n

According to the Ethereum Foundation, more than $5.8 million in funds have been recovered or frozen, while over 785 vulnerabilities, client bugs, and proof\u2011of\u2011concept exploits have been reported or documented. The Program has also helped identify around 100 DPRK state\u2011sponsored operatives embedded across multiple teams, and its threat\u2011intelligence and investigative content has reached over 209,000 viewers and users.<\/p>\n

On the builder side, more than 800 teams have taken part in sponsored security challenges and investigations, supported by over 80 workshops, talks, and technical or educational resources. The initiative has coordinated responses to more than 36 security incidents and driven the creation or improvement of at least seven open\u2011source tooling repositories, frameworks, and implementations that further harden the ecosystem.<\/p>\n

The Saga Continues<\/p>\n

The DPRK-linked hacks continue to be a serious issue amongst the crypto community. Recently, key actors have been less lenient and more active in trying to uncover and stop their threat.<\/p>\n

Let\u2019s remember that, following the \u00a0the attribution of the\u00a0April 1st $285 million attack on Drift Protocol\u00a0to UNC4736, a North Korea\u2013aligned, state\u2011sponsored hacking group, crypto detective ZachXBT uncovered an internal North Korean payment server<\/a> tied to 390+ accounts, chat logs, and transaction histories.<\/p>\n

A few weeks ago, some crypto builders confessed on the social network X that they are passing tests during interviews to developers<\/a> to make sure they are not North Korean agents.<\/p>\n

Investing in visible, transparent security collaborations (like EF\u2019s backing of ETH Rangers\/Ketman\/SEAL) may deserve a premium in risk models, while protocols with opaque teams and loose hiring are increasingly \u201cheadline risk\u201d candidates.<\/p>\n

\"Ethereum,<\/p>\n

Cover image from Perplexity. ETHUSD chart from Tradingview.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

The Ethereum Foundation exposed 100 Democratic People\u2019s Republic of Korea (DPRK)\u2011linked IT workers embedded across roughly 53 crypto projects. Ethereum Foundation Levels Up Its Security With A Detective Program The North Korean secret crypto-agents don\u2019t rest, so the Ethereum Foundation decided it was time they put on the detective\u2019s hat to track them before they […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-82250","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/82250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=82250"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/82250\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=82250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=82250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=82250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}