North Korean IT Specialists Exposed in Web3 Companies

The Ethereum Foundation has published a report detailing the success of its ETH Rangers program in identifying and exposing North Korean IT specialists infiltrating Web3 companies. The program, which aims to fund independent researchers focused on ecosystem security, allocated funds to create the Ketman project.

Ketman's researchers concentrated on operations supported by North Korea and identified 100 DPRK operatives actively working within Web3 organizations. They also notified 53 projects that they likely employ active agents.

The team used a combination of investigative work and open-source tools, including an automatic detection tool for suspicious activity on GitHub, to identify typical traits of North Korean IT operatives. These traits include the repeated use of avatars and profile metadata across multiple accounts, accidental disclosure of unrelated email addresses during screen sharing, and specific communication behavior patterns.