North Korean Operatives Infiltrate Web3 Firms Using Fake Identities

The rise of state-sponsored hacking has reached new heights, with North Korean operatives infiltrating Web3 companies using fake identities. A recent investigation by the Ethereum Foundation-backed program, ETH Rangers, has uncovered approximately 100 North Korean IT workers embedded in Web3 firms.

Using a combination of job board monitoring, GitHub activity tracking, and behavioral signal analysis, researchers identified suspicious patterns of behavior that indicated coordinated workforce infiltration. The operatives were using fabricated identities to pass HR screenings and access internal repositories, with some sitting inside product teams for months before detection.

The discovery highlights the growing threat of state-sponsored hacking in the Web3 sector. Unlike traditional exploits and exchange hacks, this type of attack involves a coordinated workforce infiltration, where operatives use legitimate salaries to gain access to sensitive information and pre-position for future attacks.