Ethereum-Backed Project Uncovers 100 North Korean IT Workers in Crypto Sector

The Ketman Project just dropped a bombshell. Researchers found 100 North Korean IT workers embedded across cryptocurrency projects, and the Ethereum Foundation paid for the whole investigation.

The workers spread themselves across 53 different crypto initiatives, which is pretty alarming when you think about the scale. North Korea’s been trying to get its hands on digital currency for years, but this shows how deep the infiltration actually goes. The Ketman Project got funding directly from the Ethereum Foundation to hunt down these operatives, and what they found raises serious questions about who’s really building the projects people invest in every day.

Nobody saw this coming at this scale.

How Deep Does It Go

The 100 workers didn’t just cluster in one or two places. They scattered themselves across 53 projects, which means the problem isn’t isolated to some obscure corner of crypto. These operatives managed to embed themselves in the broader ecosystem, working on projects that could be handling real user funds and sensitive data. The Ketman Project didn’t release names of the specific projects yet, which leaves a lot of teams probably wondering if they’ve got a North Korean worker on payroll right now.

And that’s kind of the scariest part. The workers blend in. They use fake identities, VPNs, and probably work through intermediaries who don’t even know they’re hiring someone from Pyongyang. The crypto industry moves fast and hires remotely without much vetting, which makes it the perfect target for this kind of operation.

The Ethereum Foundation’s decision to fund this research shows they’re taking the threat seriously. But the foundation hasn’t said what happens next or whether they’ll keep funding similar investigations. Reached for comment, the Ethereum Foundation didn’t respond by press time.

What North Korea Gains

North Korea needs money. Sanctions cut off most traditional revenue streams, so the regime turned to crypto years ago. These IT workers probably aren’t just writing code for fun—they’re earning hard currency that flows back to Pyongyang. Some estimates put North Korean crypto earnings in the hundreds of millions annually, though it’s hard to pin down exact numbers.

The workers might also be gathering intelligence. If you’re embedded in a crypto project, you can see how security works, where the vulnerabilities are, and who controls what. That information could feed back into North Korea’s hacking operations, which have hit exchanges and DeFi protocols for billions over the years.

Read also: Ethereum Teeters Near Make-or-Break Price as Traders Brace for Volatile Swing

The 53 projects these workers touched could be compromised in ways nobody’s discovered yet. Maybe there’s a backdoor. Maybe there’s a vulnerability waiting to be exploited. Or maybe the workers were just collecting paychecks and doing normal coding work. Unclear.

The Ketman Project didn’t specify what roles these workers held. Were they junior developers? Senior engineers? Project leads? That information matters because it tells you how much damage they could potentially do. A junior dev writing documentation is one thing. A senior engineer with access to private keys is something else entirely.

The international community hasn’t really figured out how to handle this yet. Traditional sanctions target banks and trade, but crypto moves across borders without asking permission. North Korean workers can get paid in stablecoins or Bitcoin, convert it through mixers, and the money ends up wherever it needs to go. Stopping that requires a level of coordination that doesn’t exist right now.

Some projects are probably scrambling to audit their teams. Others might not even know they’re affected. The Ketman Project found 100 workers, but that’s just what they could identify. There could be more using better operational security, staying under the radar.

The crypto industry talks a lot about decentralization and permissionless systems, but this situation shows the downside. Anyone can participate, including operatives from sanctioned regimes. There’s no easy fix that doesn’t compromise the open nature of the space.

Hiring practices in crypto are basically the Wild West. Teams hire developers from Telegram, Discord, and Upwork without background checks. A North Korean worker with a fake LinkedIn and a GitHub full of contributions looks the same as anyone else. The industry built itself on pseudonymity and remote work, which are great for freedom but terrible for security.

More context: Anne Le Hénanff Supports Crypto at the Louvre Carousel with 100 Million Euros

The Ethereum Foundation’s funding of the Ketman Project might push other organizations to do similar investigations. Maybe we’ll see more projects checking who’s actually writing their code. But that costs money and time, and most crypto startups are barely funded enough to build their product, let alone run counterintelligence operations.

Authorities haven’t weighed in yet. The U.S. Treasury’s Office of Foreign Assets Control goes after crypto mixers and exchanges that touch North Korean funds, but individual IT workers are harder to track. The Ketman Project’s findings might trigger new enforcement actions, though nothing’s been announced.

The situation keeps evolving. The Ketman Project identified 100 workers across 53 projects, but they didn’t say the investigation is over. More names could come out. More projects could get flagged. The full scope remains unknown.

Hub: Ethereum price, news, and analysis