Ethereum-Funded Investigation Exposes North Korean IT Workers in Web3 Projects

A recent investigation funded by the Ethereum Foundation has shed light on a concerning trend in the Web3 ecosystem. Researchers identified approximately 100 suspected North Korean IT workers operating within various Web3 projects.

The six-month effort, part of the broader ETH Rangers security initiative, focused on tracking wallet activity, developer accounts, and hiring trends across the ecosystem. By combining on-chain analysis with off-chain intelligence, investigators were able to link operatives to North Korea through payment flows on Ethereum and other networks.

According to the investigation, the operatives used fictitious identities and posed as remote engineers and developers, entering projects through normal hiring channels. This approach allows them to blend in with legitimate developers, making it more challenging for teams to detect their presence.

The researchers recommend that Web3 projects implement stronger Know Your Customer (KYC) and background checks for remote technical hires in sensitive roles. They also suggest monitoring contributor patterns, tracking unusual payment routes, and collaborating with analytics firms when wallet behavior appears suspicious.