Close Menu
Cryptosphere Update
  • Crypto News
  • Economy
  • Crypto Markets
  • World News
  • Technology
  • Breaking Views
What's Hot

SK Hynix’s profits soar 5x on AI demand, strengthens NVIDIA’s supply chain

April 23, 2026

Iran’s economy in charts: hyperinflation and depreciation of the rial

April 23, 2026

Deadly chemical spill in West Virginia

April 23, 2026
Facebook X (Twitter) Instagram
Trending
  • SK Hynix’s profits soar 5x on AI demand, strengthens NVIDIA’s supply chain
  • Iran’s economy in charts: hyperinflation and depreciation of the rial
  • Deadly chemical spill in West Virginia
  • Kevin Warsh’s favorite anti-inflation measures could hit him again
  • Coinbase says Algorand and Aptos are better prepared for quantum threats
  • Two University of South Florida doctoral students missing, police say
  • Bitcoin (BTC) hits 11-week high, popular altcoin soars 22%: Market Watch
Facebook X (Twitter) Instagram
Cryptosphere Update
  • Crypto News
  • Economy
  • Crypto Markets
  • World News
  • Technology
  • Breaking Views
Crypto Heatmap
Cryptosphere Update
Home » North Korean IT workers have been operating within DeFi protocols for years, researchers warn
Crypto News

North Korean IT workers have been operating within DeFi protocols for years, researchers warn

Vickie HelmBy Vickie HelmApril 6, 2026No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
North korean it workers have been operating within defi protocols
Share
Facebook Twitter LinkedIn Pinterest Email

North Korea-linked entities have been quietly integrating into cryptocurrency companies and DeFi teams for years, and a series of high-stakes exploits linked to the country’s cyber equipment has raised new concerns about insider risk.

summary

According to one security researcher, North Korea-related developers have worked within more than 40 DeFi projects over the past seven years. Investigators and industry insiders warn that many intrusion attempts rely on simple but persistent tactics through recruitment channels and social engineering.

Security researcher and MetaMask developer Taylor Monaghan said these tactics date back to the early days of decentralized finance, with individuals linked to the Democratic People’s Republic of Korea contributing to several widely used protocols.

“Back in the summer of DeFi, many North Korean IT personnel built the protocols you know and love,” she said Sunday, adding that more than 40 platforms, including some well-known projects, relied on such developers at some point.

However, she pointed out that the “seven years of blockchain development experience” listed on her resume is “not a lie.”

Investigators have long linked North Korean cyber activity to the Lazarus Group, a state-sponsored group believed to have stolen about $7 billion in digital assets since 2017, according to analysts at R3ACH.

The group is responsible for some of the industry’s largest breaches, including the $625 million Ronin Bridge exploit in 2022, the $235 million WazirX hack in 2024, and the $1.4 billion Bybit scandal in 2025.

Last week’s $280 million Drift Protocol exploit has received renewed attention. The project said it had “moderate to high confidence” that a North Korean state-linked group was behind the attack and linked the incident to a broader pattern of infiltration and social engineering.

However, the face-to-face meetings leading up to the leak were not conducted by North Korean nationals, but by “third-party intermediaries” using “fully developed identities, including employment history, official qualifications, and professional networks.”

These profiles included work history, official qualifications, and active professional networks, allowing trust to be built through direct interaction before exploitation unfolded.

Independent blockchain researcher ZachXBT warned in a recent X post that not all threats related to North Korea operate at the same level of sophistication.

“The main problem is that when the threats are of different complexity, everyone groups them together,” he said.

He explained that many intrusion attempts are relatively simple and rely on persistence rather than technical complexity. Outreach through job listings, LinkedIn, email, Zoom calls, and interview processes remains common.

“The only thing that is fundamental and never sophisticated (…) is that they are relentless,” he said, adding that teams that continue to fall into such tactics in 2026 risk being seen as negligent.

DeFi Korean North operating protocols researchers warn workers years
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
vickiehelminc
Vickie Helm

Related Posts

SK Hynix’s profits soar 5x on AI demand, strengthens NVIDIA’s supply chain

April 23, 2026

Coinbase says Algorand and Aptos are better prepared for quantum threats

April 22, 2026

Bitcoin (BTC) hits 11-week high, popular altcoin soars 22%: Market Watch

April 22, 2026

Arbitrum freezes $71 million ETH related to Kelp DAO exploit

April 21, 2026
Add A Comment
Leave A Reply Cancel Reply

Popular Posts

Marjorie Taylor Greene speaks with Epstein victims at press conference

November 18, 2025

The fatal flaw in the Bitcoin debate is that it confuses value and utility.

July 1, 2007

UK GDP grew 0.5% in February, beating economists’ expectations

April 16, 2026

Here’s all the effects the Iran war has had on the US economy so far

April 15, 2026
Latest Posts

SK Hynix’s profits soar 5x on AI demand, strengthens NVIDIA’s supply chain

April 23, 2026

Iran’s economy in charts: hyperinflation and depreciation of the rial

April 23, 2026

Deadly chemical spill in West Virginia

April 23, 2026

Subscribe to Updates

Subscribe to our newsletter and stay updated with the latest news and exclusive offers.

About
About

At Cryptosphere Update, we are dedicated to bringing you in-depth coverage of the rapidly evolving crypto landscape, from market trends and emerging blockchain projects to regulatory developments and expert analysis. Our mission is to keep you informed and ahead of the curve in the ever-changing world of digital assets.

Facebook X (Twitter) Instagram Pinterest YouTube
Don't Miss

SK Hynix’s profits soar 5x on AI demand, strengthens NVIDIA’s supply chain

April 23, 2026

Iran’s economy in charts: hyperinflation and depreciation of the rial

April 23, 2026

Deadly chemical spill in West Virginia

April 23, 2026
Newsletter

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

© 2026 Cryptosphere Update. All Rights Reserved.
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.