North Korean IT Specialists Infiltrate Global DeFi Ecosystem

Recent revelations by MetaMask developer Taylor Monahan have shed light on the long-term integration of North Korean cybercriminals into the global DeFi ecosystem.

The Lazarus Group, one of the most active North Korean hacking organizations, has been involved in developing several DeFi projects for at least seven years. These projects include SushiSwap, Thorchain, Fantom, Shib, Yearn, Floki, and others.

Monahan's findings came in response to comments by Tim Ahl, founder of the Solana aggregator Titan, who shared his experience interviewing a member of the Lazarus Group. Ahl noted that the candidate was qualified but declined an in-person meeting, leading to rejection. Later, the candidate’s name appeared in a Lazarus data leak.

The discussion intensified after the Drift Protocol hack, where $280 million was stolen. The project's developers linked the incident to hackers from North Korea.