A security initiative backed by the Ethereum Foundation has identified around 100 suspected North Korean IT operatives working inside crypto and Web3 companies under false identities. The findings come from a six-month investigation conducted through the ETH Rangers program, where researchers tracked behavioral patterns, fake employment histories, and technical signals linked to known state-backed tactics. Unlike past attacks focused on hacking, this approach relies on gaining legitimate access to internal systems by passing hiring processes.
The investigation highlights a shift toward long-term infiltration, where individuals embed within teams to collect intelligence, earn salaries, and potentially prepare future exploits.
