North Korean Operatives Infiltrate 50+ Web3 Firms Using Fake Identities

• North Korean operatives secretly entered Web3 firms using convincing fake identities
• Security probe uncovers widespread infiltration affecting dozens of crypto projects globally
• Weak hiring checks expose crypto companies to hidden internal cybersecurity threats

A covert cyber infiltration campaign has exposed significant weaknesses across the Web3 sector, after investigators uncovered a network of foreign operatives embedded within dozens of crypto projects. The findings reveal how attackers bypassed hiring checks and gained access to sensitive systems, raising urgent concerns about internal security practices across decentralized organizations.

According to research backed by Ethereum Foundation, nearly 100 individuals linked to North Korea secured roles in at least 53 crypto and Web3 firms. These individuals reportedly used fabricated identities to pass recruitment processes and integrate into development teams without triggering suspicion.

The investigation, conducted over six months under the ETH Rangers program, highlighted how remote hiring structures created an entry point for infiltration. Moreover, the probe was led by the Ketman Project, a group focused on identifying deceptive digital identities and abnormal developer behavior patterns. Researchers contacted affected companies directly, warning them about potential internal risks.

Also Read: Bitcoin Miners Shift to AI as Security Debate Intensifies Across Network

Remote Hiring Loopholes Expose Crypto Firms to Hidden Threats

The operatives built convincing professional profiles across platforms like GitHub and freelance marketplaces, allowing them to pass technical interviews and onboarding processes successfully. Consequently, they gained direct access to internal codebases, financial tools, and operational systems. Besides that, Web3 companies often prioritize speed and global talent access, which can reduce strict identity verification standards. This structure allowed attackers to blend in while performing routine tasks, making detection significantly more difficult.

Additionally, the ETH Rangers initiative uncovered broader security gaps beyond infiltration cases. The program identified over 785 vulnerabilities within crypto systems and helped recover or freeze more than $5.8 million in assets. It also conducted several incident response operations and reached over 209,000 individuals through awareness campaigns. North Korea has maintained a long-standing focus on cyber operations targeting digital assets. Groups such as Lazarus Group have previously been linked to major crypto exploits involving millions of dollars. These operations often aim to bypass sanctions and fund state-backed initiatives.

Furthermore, experts note that many Web3 projects lack centralized oversight and mature security frameworks. As a result, attackers can exploit these structural gaps while operating undetected for extended periods. The discovery highlights how internal security risks now rival external threats in the crypto sector. Companies may need stricter identity verification and monitoring systems to reduce exposure to similar infiltration attempts.

Also Read: XRP Goes Live on Solana as Cross Chain Liquidity Expands DeFi Access

The post North Korean Operatives Infiltrate 50+ Web3 Firms Using Fake Identities appeared first on 36Crypto.