An Ethereum Foundation-funded program has identified 100 North Korean IT workers embedded across crypto projects, exposing one of Web3’s quietest security risks. For traders and builders, the finding is a reminder that counterparty risk in this market is not only about code and price — it can also be about who is quietly writing that code.
What Happened
The Ketman Project, backed by an Ethereum Foundation stipend, flagged 100 suspected DPRK operatives and alerted roughly 53 projects that were employing them. The program cross-references wallet history, code commit patterns, and interview footage to spot workers who had embedded themselves inside development teams, with many routing their compensation back to sanctioned entities.
The tactic is not new, but its scale is striking. North Korean IT workers have spent years posing as freelance developers to earn hard currency and, in some cases, to gain insider access to the projects that hire them. The novelty here is a systematic, forensic method for catching them before that access turns into an exploit.
What It Means for Traders
Insider access is a distinct threat from an external hack. A developer with commit rights can introduce subtle vulnerabilities or hold keys to privileged functions, and that risk is hard to see from the outside. Traders allocating to smaller tokens and early-stage protocols are effectively trusting teams they cannot fully vet.
The practical signal is to treat team security and hiring diligence as part of fundamental analysis. Projects that can point to audited processes, known contributors, and screening practices carry a different risk profile than anonymous teams with opaque staffing — a distinction worth weighing before sizing a position.
The Bigger Picture
That the Ethereum Foundation is funding this kind of defensive work signals a maturing ecosystem taking operational security seriously, not just protocol-level audits. Shared threat intelligence across 53 projects is the sort of coordination traditional finance relies on, now taking shape in crypto.
There is a regulatory dimension too. Compensation flowing to sanctioned entities exposes projects to legal risk, and exchanges or partners may grow more cautious about teams that fail to screen contributors. Over time, credible security practices could become a competitive advantage rather than a back-office afterthought.
The Bottom Line
The Ketman Project shows that Web3’s threat surface reaches into the hiring pipeline, not just the smart contract. For traders, it reinforces a simple discipline: understand who builds what you hold, and factor operational security into how you assess a project.
This article is informational only and does not constitute financial advice.



















