Ethereum Foundation-Funded Initiative Exposes North Korean IT Workers

A recent initiative aimed at improving operational security within the Ethereum ecosystem has yielded significant results.

The Ethereum Foundation-funded project, which was part of its ETH Rangers program, identified 100 North Korean IT workers operating under false identities inside Web3 organizations.

The Ketman Project, which focused on investigating fraudulent developers embedded in crypto, used a combination of behavioral and technical patterns to track down the operatives.

According to the project's website, documented red flags included reusing avatars and profile metadata across multiple GitHub accounts, accidentally exposing unlinked email addresses during screen sharing, and displaying device language settings that contradicted claimed nationalities.

The Ketman Project also developed an open-source detection tool designed to flag suspicious GitHub activity and co-authored an industry-standard identification framework in partnership with the Security Alliance.