Ethereum Foundation Exposes 100 North Korean Cyber Operatives in Crypto Sector
Severity: High (Score: 75.5)
Sources: Kucoin, Decrypt.Co, www.state.gov
Summary
The Ethereum Foundation's ETH Rangers Program has identified approximately 100 suspected state-sponsored hackers, including North Korean operatives, infiltrating various Web3 projects. This six-month initiative, aided by the Ketman Project, revealed that these actors used false identities to access development teams and engage in fund transfers. The program successfully froze or recovered over $5.8 million in funds and documented more than 785 vulnerabilities across 53 blockchain projects. The findings highlight a shift in security threats from isolated exploits to systemic risks involving state-level actors. North Korean hackers employed tactics such as remote IT work, account takeovers, and freelancing platform infiltration. The Ethereum Foundation plans to continue its efforts in enhancing security measures against these escalating threats. The report was shared at security conferences, emphasizing the ongoing risk posed by state-sponsored cyberattacks.
Key Points
- Ethereum Foundation identified 100 suspected North Korean hackers infiltrating crypto projects.
- Over $5.8 million in funds were frozen or recovered during the ETH Rangers Program.
- The investigation revealed systemic risks from state-sponsored actors in the Ethereum ecosystem.
Key Entities
- Lazarus Group (apt_group)
- Supply Chain Attack (attack_type)
- Ketman Project (campaign)
- China (country)
- North Korea (country)
- Russia (country)
- T1036 - Masquerading (mitre_attack)
- T1078 - Valid Accounts (mitre_attack)
- T1195 - Supply Chain Compromise (mitre_attack)
- Drift Protocol (company)
- Solana (platform)