North Korean IT Workers Infiltrate Major DeFi Protocols for Seven Years

North Korean IT Workers Infiltrate Major DeFi Protocols for Seven Years

First seen 7 Apr 2026, 02:45 UTC BitgetCryptorank 76% similarity 73.3

Article Content

Browse articles
ThreatCluster

Recent findings reveal that North Korean IT workers have been involved in the development of decentralized finance (DeFi) protocols for at least seven years. Cybersecurity researcher Taylor Monahan disclosed that over 40 DeFi platforms, including well-known projects, have had contributions from these workers, particularly during the DeFi summer of 2020. This infiltration marks a strategic shift from direct cyberattacks to legitimate development roles, allowing North Korean operatives to gain technical skills and operate within legal boundaries. The Lazarus Group, a North Korean hacking collective, has been linked to significant crypto thefts, including the $1.4 billion Bybit heist in 2025. The Drift Protocol recently reported a $280 million exploit believed to be connected to North Korean-affiliated hackers. The decentralized nature of blockchain development complicates security vetting, raising concerns about the potential for future exploits. The situation highlights the need for enhanced scrutiny in hiring practices within the crypto industry.

Key Points: • North Korean IT workers have contributed to over 40 DeFi platforms for seven years. • The Lazarus Group has been linked to significant cryptocurrency thefts totaling $7 billion since 2017. • The Drift Protocol recently suffered a $280 million exploit attributed to North Korean-affiliated hackers.

ThreatCluster AI

Timeline

2020-07-01
DeFi summer begins, North Korean IT workers contribute to major protocols.
2025-01-01
Lazarus Group linked to $1.4 billion Bybit heist.
2025-01-01
Lazarus Group reported to have stolen $7 billion in crypto since 2017.
2026-04-01
Drift Protocol reports $280 million exploit linked to North Korean hackers.
2026-04-06
Taylor Monahan reveals North Korean involvement in DeFi development.

Community

Browse all →