All articles are carefully reviewed and evaluated by leading blockchain experts and industry experts.
- A project supported by the Ethereum Foundation says it has identified about 100 suspected DPRK IT workers involved in the crypto industry.
- Ketman’s group said it has joined about 53 projects and is now helping companies use honeypots of interrogation to identify those who are already doing bad things.
The Ethereum Foundation is focusing on one of the most overlooked crypto security risks: actors are hired before they can hack anything.
According to what was shared by @_FORAB, the recent review of the Ethereum Foundation highlighted Ketman, a project that focuses on detection. North Korean operatives are getting into the crypto industry through fake software developers. During its work, the group said it reached about 53 projects and identified about 100 DPRK IT employees working in Web3 organizations.
The risk starts with hiring, not greed
This is what makes this case less interesting than a criminal report. The issue is not just about stolen keys or tampering smart contracts. And hiring people.
I’m leaving he says these operatives often use fake Japanese documents to secure engineering positions in the crypto industry. Once inside, they can access internal devices, databases, workflows and security measures in time before any attack occurs.
For companies made up of distributed teams and fast hiring, that creates another risk. Crypto companies like to think about security in terms of codes and wallet security. Ketman’s work suggests that the first line of defense may need to be in place much earlier, during the interview process.
Honeypots enter the recruitment process
The service is now helping crypto groups to create honeypots to recruit to identify suspects before they board. That is a remarkable change. This means that some businesses are starting to hire themselves as part of security, rather than an HR function.
The larger message is clear. Threats linked to North Korea in crypto are no longer foreign threats. They are very much tied to penetration, patience and discovery from within.
For the Ethereum Foundation, supporting a project like Ketman also shows a great understanding of the security of the environment. Securing Web3 isn’t just about putting contracts in place later. It’s about knowing who is trying to get into the company before the code is sent.
